[hardening-discuss] Bug#771056: ICC stack protection false negative
Cornea, Alexandru
alexandru.cornea at intel.com
Wed Nov 26 11:30:42 UTC 2014
Package: hardening-includes
Version: 2.7
X-Debbugs-CC: costel.maxim at intel.com
The script hardening-check can give a false negative result if the binary analyzed was compiled with ICC (with stack protection).
Hardening-check looks for __stack_chk_fail, but in ICC compiled binaries the correct functions to be searched for should be __intel_security_cookie or __intel_security_check_cookie.
Below is a naive patch:
diff --git a/usr/bin/hardening-check b/hardening-check-intel
index 799943c..f40eda7 100755
--- a/usr/bin/hardening-check
+++ b/hardening-check-intel
@@ -302,6 +302,7 @@ foreach my $file (@ARGV) {
# Stack-protected
$name = " Stack protected";
if (defined($functions->{'__stack_chk_fail'}) ||
+ defined($functions->{'__intel_security_cookie'}) ||
(!$elf && defined($functions->{'__stack_chk_fail_local'}))) {
good($name, "yes")
}
Regards,
Alex
More information about the hardening-discuss
mailing list