Hi,
Just to clarify, are you suggesting inserting a null byte as the first byte for the canary, to mitigate attack vectors originating from the strcpy function family?
AFAIU, TF-A's reference uses a pure random canary which is an acceptable policy. But as you suggest, the canary generation function could be hardened by nullifying the first byte?
As the function is platform specific, I appreciate this would be easy to implement/fine tune with such mitigation on your platform. Are you suggesting adopting the same policy in the reference implementation?
Regards, Olivier.
________________________________
From: zjw88282740--- via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 October 2022 09:05
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Making the first byte of the stack canary a NULL for better security
Hello,
After learning the current implementation of plat_get_stack_protector_canary in TF-A, I am curious about why we do not make the first byte of the canary a NULL byte for better security?
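The hardening discussed in this thread, as an added example that is not part of the original e-mails and not TF-A code: a random canary whose lowest-address byte is forced to 0x00, and what NUL-terminated string handling can then read or reproduce of it. The helper names, the frame layout and the sample value are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical hardening step (not TF-A code): zero the lowest-address byte
 * of a random canary; the other 56 bits keep their entropy. */
uint64_t canary_null_first_byte(uint64_t raw)
{
    unsigned char b[sizeof(raw)];
    memcpy(b, &raw, sizeof(b));
    b[0] = 0x00; /* first byte in memory, independent of endianness */
    memcpy(&raw, b, sizeof(b));
    return raw;
}

/* Constructed frame: a full buffer with the canary directly above it. */
struct frame {
    char buf[8];
    uint64_t canary;
};

/* Canary bytes a NUL-terminated read starting at buf runs through when buf
 * holds no terminator (what strlen/strcpy-style code would see). */
size_t canary_bytes_exposed(uint64_t canary)
{
    struct frame f;
    const unsigned char *p = (const unsigned char *)&f;
    size_t n = 0;
    memset(f.buf, 'A', sizeof(f.buf));
    f.canary = canary;
    while (n < sizeof(f) && p[n] != 0x00)
        n++;
    return n - sizeof(f.buf);
}

/* Canary bytes a NUL-terminated copy can reproduce from a source string
 * that embeds the canary value: the copy ends at the first 0x00. */
size_t canary_bytes_copyable(uint64_t canary)
{
    unsigned char src[sizeof(canary) + 1];
    memcpy(src, &canary, sizeof(canary));
    src[sizeof(canary)] = 0x00; /* terminator after the embedded value */
    return strlen((const char *)src);
}

int main(void)
{
    uint64_t c = canary_null_first_byte(0x1122334455667788ULL); /* constructed */
    return (canary_bytes_exposed(c) == 0 && canary_bytes_copyable(c) == 0) ? 0 : 1;
}
```

The trade-off is 8 bits of canary entropy in exchange for string functions stopping at the canary's first byte.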