Hi,

Just to clarify, are you suggesting inserting a null byte as the first byte of the canary, to mitigate attack vectors originating from the strcpy function family?

AFAIU, TF-A's reference uses a purely random canary, which is an acceptable policy.
But as you suggest, the canary generation function could be hardened by nullifying the first byte?

As the function is platform specific, I appreciate this would be easy to implement/fine tune with such mitigation on your platform.
Are you suggesting adopting the same policy in the reference implementation?

Regards,
Olivier.


From: zjw88282740--- via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 27 October 2022 09:05
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Making the first byte of the stack canary a NULL for better security
 
Hello,
After learning the current implementation of plat_get_stack_protector_canary in TF-A, I am curious why we do not make the first byte of the canary a NULL byte for better security?
--
TF-A mailing list -- tf-a@lists.trustedfirmware.org
To unsubscribe send an email to tf-a-leave@lists.trustedfirmware.org
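As an added illustration of the idea discussed in this thread (my own example, not code from TF-A or from either poster): a helper that zeroes the lowest-address byte of a random canary in an endianness-aware way, plus a small constructed stack frame that shows why a strcpy-style copy running past that byte cannot leave the canary intact. The 8-byte buffer layout and the fixed "random" input are assumptions for the demonstration; a real platform hook would draw the value from its RNG.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Byte of `canary` at the lowest address once stored in memory, i.e. the
 * first canary byte a forward string copy reaches (the LSB on little-endian
 * AArch64, the MSB on a big-endian target). */
uint8_t canary_lowest_address_byte(uint64_t canary)
{
    uint8_t mem[sizeof canary];
    memcpy(mem, &canary, sizeof mem);
    return mem[0];
}

/* Endianness-aware hardening: keep the random value, but zero the byte a
 * str* copy would meet first. `random_value` is assumed to come from the
 * platform entropy source. */
uint64_t null_first_byte_canary(uint64_t random_value)
{
    uint8_t mem[sizeof random_value];
    memcpy(mem, &random_value, sizeof mem);
    mem[0] = 0;
    uint64_t out;
    memcpy(&out, mem, sizeof out);
    return out;
}

/* Constructed frame: an 8-byte buffer immediately below the canary.
 * Emulates what strcpy(buf, src) writes (strlen(src)+1 bytes, stopping only
 * at the source NUL) but caps the write at the frame size so the example
 * itself stays well defined. Returns true if the canary survived intact,
 * i.e. the epilogue check would NOT notice the copy. */
bool canary_survives_string_copy(uint64_t canary, const char *src)
{
    uint8_t frame[8 + sizeof canary];
    memset(frame, 0, sizeof frame);
    memcpy(frame + 8, &canary, sizeof canary);

    size_t n = strlen(src) + 1;          /* bytes strcpy would write */
    if (n > sizeof frame)
        n = sizeof frame;
    memcpy(frame, src, n);               /* a C string has no inner NUL */

    uint64_t after;
    memcpy(&after, frame + 8, sizeof after);
    return after == canary;
}
```

Because a C string carries no zero byte except its terminator, any copy that continues past the canary's first byte necessarily replaces that zero with a non-zero character, so the check fails; only the terminator itself can land on it, and then nothing beyond the canary was touched.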