Project

General

Profile

Actions

action #64084

closed

[sle][security][sle15sp2] Implement test for "Switch from CC_STACKPROTECTOR to CC_STACKPROTECTOR_STRONG"

Added by rfan1 over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
New test
Target version:
-
Start date:
2020-03-03
Due date:
2020-03-06
% Done:

0%

Estimated time:
Difficulty:

Description

We (security team) would like to see a switch from CC_STACKPROTECTOR to CC_STACKPROTECTOR_STRONG in the kernel. This provides better protection against stack based buffer overflows. We hope that it's an easy switch since we have CC_STACKPROTECTOR for quite a while and CC_STACKPROTECTOR_STRONG only add some additional criteria when to add the code to check the canary.

To be mentioned here, the feature should be applied to all platforms (x86_64/aarch64/ppc64) but not ready in s390x platform yet.

Actions #1

Updated by rfan1 over 4 years ago

rfan1 wrote:

We (security team) would like to see a switch from CC_STACKPROTECTOR to CC_STACKPROTECTOR_STRONG in the kernel. This provides better protection against stack based buffer overflows. We hope that it's an easy switch since we have CC_STACKPROTECTOR for quite a while and CC_STACKPROTECTOR_STRONG only add some additional criteria when to add the code to check the canary.

To be mentioned here, the feature should be applied to all platforms (x86_64/aarch64/ppc64) but not ready in s390x platform yet.

https://bugzilla.suse.com/tr_show_case.cgi?case_id=1744070

Actions #2

Updated by rfan1 over 4 years ago

  • Status changed from New to In Progress
Actions #3

Updated by rfan1 over 4 years ago

  • Status changed from In Progress to Resolved
Actions

Also available in: Atom PDF