PROPOLICE FOR FREEBSD


This patch integrates the work of Hiroaki Etoh into FreeBSD 5.4 and 6.0.
See http://www.trl.ibm.com/projects/security/ssp/ or Wikipedia for details.

Propolice is also known as Stack-Smashing Protector (SSP).

Update 12 Nov 2006: tested and confirmed to work on FreeBSD 6.1-RELEASE and FreeBSD 6.2-PRERELEASE.

For information, comments, questions and feedback about this patch, mail Marieke Janssen (marieke at paranoid dot nl).

Downloads:

propolice-test.c ( MD5 = 35418722dcb28f856e2bf12979d1d326 )
propolice patch for FreeBSD 5.4/GCC 3.4.2 ( MD5 = 0da65beb38df994e44db110ba919085e )
propolice patch for FreeBSD 6.0/GCC 3.4.4 ( MD5 = cb356e464a52cf81e6f92710e0d602f3 )

The patch contains the following parts:

  • GCC Patches from IBM
  • FreeBSD libc/libkern additions, also some changes to Makefiles
  • A new sysctl, kern.arnd, used to fill the canary

How to use:

  1. Get the source of FreeBSD 5.4-RELEASE or FreeBSD 6.0-RELEASE.

  2. Download and apply the propolice patch.

    cd /usr/src
    patch -p0 < propolice-fbsd54-2.diff

  3. cp /usr/src/sys/sys/sysctl.h /usr/include/sys/sysctl.h
  4. (the copy in step 3 is necessary)

  5. build and install libc

    cd /usr/src/lib/libc
    make obj && make depend && make all install

  6. build and install gcc

    cd /usr/src/gnu/usr.bin/cc
    make obj && make depend && make all install

  7. Recompile everything:

    A) Build new kernel (necessary!)

        cd /usr/src && make buildkernel && make installkernel && reboot

    B) Build new world (recommended)

        cd /usr/src && make buildworld && make installworld

    C) Rebuild applications (recommended)

  8. Congratulations, your system is now propolice-enabled.

    $ gcc -v
    Using built-in specs.
    Configured with: FreeBSD/i386 system compiler
    Thread model: posix
    gcc version 3.4.2 [FreeBSD] 20040728 (propolice)

    You can test the stack protector with propolice-test.c:

    $ gcc -o ptest propolice-test.c
    $ ./ptest
    Abort (core dumped)
    $ tail -2 /var/log/messages
    Apr 23 15:55:34 devel ptest: stack overflow in function main
    Apr 23 15:55:34 devel kernel: pid 17722 (ptest), uid 0: exited on signal 6 (core dumped)

    SSP kills the program with SIGABRT (signal 6).

    An executable is protected when strings shows __stack_smash_handler in it. (Such an executable will NOT run on a system without SSP in libc.)

    $ strings a.out | grep smash
    __stack_smash_handler


NOTE: Executables are only protected when compiled with a propolice gcc, so don't use precompiled packages/distributions. Use ports or source only!

NOTE: Don't upgrade/downgrade libc (that includes a new world) without a (dummy) SSP handler in it. Programs compiled with propolice won't run on a libc without propolice. YOU WILL BREAK THINGS.
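
The strings check above, applied to every ELF file under a directory, so that binaries carrying no reference to the SSP handler (precompiled packages, for instance) stand out. This is an added example, not part of the patch or of the original page; the function names is_elf, has_ssp and ssp_audit and the script name are made up here, and the only evidence used is the one the page gives: the string __stack_smash_handler being present in the file.

```shell
#!/bin/sh
# Added example, not part of the propolice patch.
# Usage: sh ssp-audit.sh /usr/local/bin   (script name is hypothetical)
SSP_SYM='__stack_smash_handler'   # handler name quoted on this page

# is_elf FILE: true when FILE begins with the ELF magic 0x7f 'E' 'L' 'F'.
is_elf() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d '[:space:]')
    [ "$magic" = "7f454c46" ]
}

# has_ssp FILE: true when the handler name occurs anywhere in FILE, the
# same evidence that `strings FILE | grep smash` shows.
has_ssp() {
    LC_ALL=C grep -q -F -- "$SSP_SYM" "$1"
}

# ssp_audit DIR: print "SSP path" or "NOSSP path" for each ELF file under
# DIR; return 1 if any ELF file lacks the handler name, else 0.
# File names containing newlines are not handled.
ssp_audit() {
    missing=0
    find "$1" -type f | sort | (
        while IFS= read -r f; do
            is_elf "$f" || continue
            if has_ssp "$f"; then
                echo "SSP $f"
            else
                echo "NOSSP $f"
                missing=1
            fi
        done
        exit "$missing"
    )
}

# Run only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    ssp_audit "$1"
fi
```

Scripts and other non-ELF files are skipped, so a shell script that merely mentions the handler name is not counted as protected.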

LINKS:
GCC extension for protecting applications from stack-smashing attacks
Wikipedia
How to patch Solaris
Interview with an OpenBSD developer (search for propolice)
OpenBSD: Stack-Smashing Protection
Jeremie Le-Hen's propolice implementation for FreeBSD 6.0



Author of this patch & page: Marieke Janssen (marieke at paranoid dot nl)
Updated: Nov 12 2006 / tested on FreeBSD 6.1 and 6.2
Updated: Apr 23 2005 / Initial patch
Updated: May 25 2005 / documentation + md5 strings
Updated: Oct 24 2005 / Adding patch for FreeBSD 6.0