Revert r346292 (permit_nonrandom_stackcookies)

We have a better, more comprehensive knob for this now: kern.random.initial_seeding.bypass_before_seeding=1. Requested by: delphij Sponsored by: Dell EMC Isilon
svn path=/head/; revision=347555
2024-10-07 00:50:50 +00:00 · 2019-05-13 23:37:44 +00:00 · 2019-05-13 23:37:44 +00:00 · e199792d23 · 2020-12-20 02:59:44 +00:00
parent b17868a211
commit e199792d23
2 changed files with 3 additions and 55 deletions
--- a/7
+++ b/7
@ -75,13 +75,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	met as for the diagnostic sysctls above.  Defaults to zero, i.e.,
 	produce warnings in dmesg when the conditions are met.

-20190416:
-	The tunable "security.stack_protect.permit_nonrandom_cookies" may be
-	set to a non-zero value to boot systems that do not provide early
-	entropy.  Otherwise, such systems may see the panic message:
-	"cannot initialize stack cookies because random device is not yet
-	seeded."
-
 20190416:
 	The loadable random module KPI has changed; the random_infra_init()
 	routine now requires a 3rd function pointer for a bool (*)(void)
--- a/sys/kern/stack_protector.c
+++ b/sys/kern/stack_protector.c
@ -4,28 +4,12 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kernel.h>
-#include <sys/random.h>
-#include <sys/sysctl.h>
 #include <sys/systm.h>
 #include <sys/libkern.h>

 long __stack_chk_guard[8] = {};
 void __stack_chk_fail(void);

-/*
- * XXX This default is unsafe!!!  We intend to change it after resolving issues
- * with early entropy in the installer; some kinds of systems that do not use
- * loader(8), such as riscv, aarch64, and power; and perhaps others that I am
- * forgetting off the top of my head.
- */
-static bool permit_nonrandom_cookies = true;
-
-SYSCTL_NODE(_security, OID_AUTO, stack_protect, CTLFLAG_RW, 0,
-    "-fstack-protect support");
-SYSCTL_BOOL(_security_stack_protect, OID_AUTO, permit_nonrandom_cookies,
-    CTLFLAG_RDTUN, &permit_nonrandom_cookies, 0,
-    "Allow stack guard to be used without real random cookies");
-
 void
 __stack_chk_fail(void)
 {
@ -39,37 +23,8 @@ __stack_chk_init(void *dummy __unused)
 	size_t i;
 	long guard[nitems(__stack_chk_guard)];

-	if (is_random_seeded()) {
-		arc4rand(guard, sizeof(guard), 0);
-		for (i = 0; i < nitems(guard); i++)
-			__stack_chk_guard[i] = guard[i];
-		return;
-	}
-
-	if (permit_nonrandom_cookies) {
-		printf("%s: WARNING: Initializing stack protection with "
-		    "non-random cookies!\n", __func__);
-		printf("%s: WARNING: This severely limits the benefit of "
-		    "-fstack-protector!\n", __func__);
-
-		/*
-		 * The emperor is naked, but I rolled some dice and at least
-		 * these values aren't zero.
-		 */
-		__stack_chk_guard[0] = (long)0xe7318d5959af899full;
-		__stack_chk_guard[1] = (long)0x35a9481c089348bfull;
-		__stack_chk_guard[2] = (long)0xde657fdc04117255ull;
-		__stack_chk_guard[3] = (long)0x0dd44c61c22e4a6bull;
-		__stack_chk_guard[4] = (long)0x0a5869a354edb0a5ull;
-		__stack_chk_guard[5] = (long)0x05cebfed255b5232ull;
-		__stack_chk_guard[6] = (long)0x270ffac137c4c72full;
-		__stack_chk_guard[7] = (long)0xd8141a789bad478dull;
-		_Static_assert(nitems(__stack_chk_guard) == 8,
-		    "__stack_chk_guard doesn't have 8 items");
-		return;
-	}
-
-	panic("%s: cannot initialize stack cookies because random device is "
-	    "not yet seeded", __func__);
+	arc4rand(guard, sizeof(guard), 0);
+	for (i = 0; i < nitems(guard); i++)
+		__stack_chk_guard[i] = guard[i];
 }
 SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);