From: mitchalsup@aol.com (MitchAlsup1)
Newsgroups: comp.arch
Subject: Re: Constant Stack Canaries
Date: Sun, 30 Mar 2025 20:14:53 +0000
Organization: Rocksolid Light
Message-ID: <4cf60b5fd8b785feb07a67a823cc349d@www.novabbs.org>
References: <vsbcnl$1d4m5$1@dont-email.me> <vsc058$20pih$1@dont-email.me>

On Sun, 30 Mar 2025 17:47:59 +0000, BGB wrote:

> On 3/30/2025 7:16 AM, Robert Finch wrote:
>> Just got to thinking about stack canaries. I was going to have a special
>> purpose register holding the canary value for testing while the program
>> was running. But I just realized today that it may not be needed. Canary
>> values could be handled by the program loader as constants, eliminating
>> the need for a register. Since the value is not changing while the
>> program is running, it could easily be a constant. This may require a
>> fixup record handled by the assembler / linker to indicate to the loader
>> to place a canary value.
>>
>> Prolog code would just store an immediate to the stack. On return a TRAP
>> instruction could check for the immediate value and trap if not present.
>> But the process seems to require assembler / linker support.
>>
>
> They are mostly just a normal compiler feature IME:
>    Prolog stores the value;
>    Epilog loads it and verifies that the value is intact.

Agreed.

> Using a magic number

Remove excess words.

> Nothing fancy needed in the assemble or link stages.

They remain blissfully ignorant--at most they generate the magic number,
possibly at random, possibly per link-module.

> In my case, canary behavior is one of:
>    Use them in functions with arrays or similar (default);
>    Use them everywhere (optional);
>    Disable them entirely (also optional).
>
> In my case, it is only checking 16-bit magic numbers, but mostly because
> a 16-bit constant is cheaper to load into a register in this case
> (single 32-bit instruction, vs a larger encoding needed for larger
> values).
>
> ....
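
The prolog/epilog scheme discussed in the post above, as an added C example that is not part of the original message. The frame layout, the `canary_set` helper and the value `0xC5A3` are assumptions made for illustration, and the epilog returns a status where a real one would trap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one stack frame: the local array sits directly
   below the canary slot, so a linear overrun of buf hits the canary first. */
struct frame {
    char     buf[16];
    uint16_t canary;              /* 16-bit magic number, as BGB describes */
};

/* One magic value per link module (constructed constant for this demo). */
static uint16_t module_canary = 0xC5A3;

/* Stand-in for the compiler or linker picking the module's value,
   e.g. at random at build time. */
void canary_set(uint16_t value) { module_canary = value; }

/* Copy len bytes into the frame starting at buf, with no check against
   sizeof buf. Returns 0 if the canary survived, -1 if the epilog check
   fails. len is clamped to the frame size so the demo stays in bounds. */
int guarded_copy(const void *src, size_t len)
{
    struct frame f;
    f.canary = module_canary;                    /* prolog: store the value */

    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, src, len);                        /* body: unchecked copy */

    return f.canary == module_canary ? 0 : -1;   /* epilog: load and verify */
}

int main(void)
{
    char input[sizeof(struct frame)];
    memset(input, 'A', sizeof input);            /* constructed sample input */

    printf("16 bytes: %d\n", guarded_copy(input, 16));
    printf("17 bytes: %d\n", guarded_copy(input, 17));
    canary_set(0x1234);
    printf("18 bytes: %d\n", guarded_copy(input, sizeof input));
    return 0;
}
```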