oss-sec mailing list archives

Re: Qualys Security Advisory - The Stack Clash

From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 21 Jun 2017 12:46:28 +0200

On Monday 19 June 2017 08:28:43 Qualys Security Advisory wrote:

III. Solutions
- Recompile all userland code (ld.so, libraries, binaries) with GCC's
  "-fstack-check" option, which prevents the stack-pointer from moving
  into another memory region without accessing the stack guard-page (it
  writes one word to every 4KB page allocated on the stack).


For the record, Gentoo Hardened enables by default -fstack-check=specific

-- 
Agostino Sarubbo
Gentoo Linux Developer

Current thread:

Re: Qualys Security Advisory - The Stack Clash, (continued)
- - - Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 25)
    - Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 28)
    - Re: Qualys Security Advisory - The Stack Clash Josh Bressers (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Stuart Henderson (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Florian Weimer (Jun 22)
- Re: Qualys Security Advisory - The Stack Clash Agostino Sarubbo (Jun 21)
  - Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
    - Re: Qualys Security Advisory - The Stack Clash Mike O'Connor (Jun 22)
    - Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
    - Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 23)
    - Re: Qualys Security Advisory - The Stack Clash Kurt Seifried (Jun 23)
    - Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
    - Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)

(Thread continues...)