TOP PAGETokyo Research LaboratoryEmploymentProjectsRelated InformationIBM Research
Japanese page is not available yet.

Implementation Notes

  • The STACK_PROTECTOR defines the default behavior of the stack protection of the compiler. If set, it always produces the stack protecton code. If not set, it produces the instrument only at the use of -fstack-protector compiler option.
  • We assume every variables on stack is pointed by the combination of the start address of each variable and the offset from the start address. It is necessary to distinguish a reference to a character array and a reference to the other type of variable. So we modified a few portion of source codes. Since EXPAND_SUM directive in the expand_expr function doesn't preserve the characteristics, we changed the use of such directives as follows: if (flag_propolice_protection && modifier ==EXPAND_SUM) modifier =EXPAND_NORMAL;
  • There are __guard_setup and __stack_smach_handler defined in libgcc2.c. The security strength of the protection and the portability of the protection method is influenced by the way how they are implemented. The device /dev/urandom is used to determine the guard value, but it is not portable. For only the case where the device can not be used, we decided to change the protection strategy which uses the termination canary. The canary is invented by Crispin Cowan. it is hard to overwrite the value using string functions. Though it isn't difficult to overwrite it in the case of using binary copy functions (memcpy, bcopy, etc), such overflow problems usually occur on the program that carelessly calculates the size of copying buffer. I think such problem can be found and fixed at the debug time.
      fd = open ("/dev/urandom", 0);
      if (fd != -1) {
        ssize_t size = read (fd, &__guard, sizeof(__guard));
        close (fd) ;
        if (size == sizeof(__guard)) return;
      /* If a random generator can't be used, the protector switches the guard
         to the "terminator canary" */
      __guard[0] = 0; __guard[1] = 0; __guard[2] = '\n'; __guard[3] = 255;
  • The assign_stack_temp function re-use the stack region that has been used in the independent block. Because propolice protection moves the location of character array to the opposite direction for the other type of variable, it requests the use of stack region of character array should be separate to the region of the other type of variables. The function is modified to satisfy the requirement.
  • We use the used flag of RTL in PLUS if this expression have already moved the location in the processing of propolice protection. After that, all flags in PLUS are cleared. The process will be invoked after the first rtl generation, at the processing of purge_addressof, and at the global_alloc processing that assigns the pseudo register to stack.
Change Logs
  • gcc-3.0 (June 28, 2001)
  • sparc-sun-solaris2.6 (June 12, 2001)
  • syslog support (May 5, 2001)

Research home IBM home Order Privacy Legal Contact IBM
Last modified 28 June 2001