[Python-Dev] OpenBSD anyone?

[Kurt B. Kaiser]

Guido van Rossum <guido at python.org> writes:

> I've tried to look for a way to report OpenBSD bugs, but it appears
> the only way to report one is by using their sendbug command, which
> assumes you've got OpenBSD installed.  Would someone here be so kind
> as to report the bug we've found?  A pointer to Kurt's last message in
> this thread should be a good piece of evidence.

I'm not ignoring you, shore.net is delaying inbound messages over 24h
and that's slowing me down.

The problem is related to the ProPolice "stack smash" protector.  It
does exactly what I saw: It copies any pointer arguments to an area in
the frame below the locally declared buffers.  The error appears to be
in referencing the original location in the arguments when making the
call to load_next().

One of the ProPolice ideas is that a pointer (especially a pointer to
a function) can be hacked by a buffer overrun to point to rogue code.

www.trl.ibm.com/projects/security/ssp/

The implementation appears to be copying all argument pointers for
good measure.

I'm looking into this to see if there is a better way to fix the 
import code.  Making a local copy of the pointer fixes the segfault but
it's not clear to me yet whether that's a solid fix for all uses of
this code in Python.

As far as reporting the bug, I can do that once I localize the problem
in gcc and see whether it's been fixed.  A quick search of the OpenBSD
bug database came up dry, but maybe I don't know how to phrase the
question yet.

-- 
KBK