Patch: Blowfish and SHA support for crypt

Rich Felker dalias at aerifal.cx
Tue Nov 1 02:54:03 UTC 2011


On Mon, Oct 31, 2011 at 11:40:10PM +0000, Ed W wrote:
> On 24/10/2011 12:37, Rich Felker wrote:
> > On Mon, Oct 24, 2011 at 01:00:05PM +0200, Bernhard Reutner-Fischer wrote:
> >> As to the sha256 implementation, it uses nested functions and as such
> >> will fail to build for (ancient) c89/c90 only bootstrap compilers, so
> >> please note this fact in the help-text of the config entry.
> >> PS: please don't forget a Signed-off-by line when you resend.
> > Much worse, it will fail for any actual C compiler (as opposed to "GNU
> > C" compilers) as well as on any system with non-executable stack.
> 
> That kind of alarms me a bit then because I'm building this on a gentoo
> hardened machine which *should* have a recent grsec kernel and most of
> the hardening knobs enabled for gcc.  I'm actually slightly unsure what

On systems that support it (Linux included), GNU ld emits a special
ELF header requesting executable stack whenever any linked object file
is marked as needing it, and gcc in turn marks object files if they
have used nested functions. Thus, aside from being a hideous gcc
extension, nested functions are generally considered a security
concern, since they'll make your whole program run with executable
stack.

Rich
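
A check for the header described above, as an added example that is not part of the original message: it parses a little-endian ELF64 image and reports whether its PT_GNU_STACK program header carries the execute flag. The function names and the in-memory sample image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK_TYPE 0x6474e551u  /* p_type value of PT_GNU_STACK */
#define PF_X_FLAG 0x1u                 /* PF_X: execute permission */

/* Read an n-byte little-endian integer (n <= 8). */
static uint64_t rd_le(const unsigned char *p, int n) {
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: executable stack requested; 0: PT_GNU_STACK present without PF_X;
 * -1: no PT_GNU_STACK header (default then depends on arch and kernel);
 * -2: not a well-formed little-endian ELF64 image. */
int elf64_execstack(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\177ELF", 4) != 0) return -2;
    if (img[4] != 2 || img[5] != 1) return -2;  /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(img + 0x20, 8);      /* e_phoff */
    uint64_t phentsize = rd_le(img + 0x36, 2);  /* e_phentsize */
    uint64_t phnum = rd_le(img + 0x38, 2);      /* e_phnum */
    if (phentsize < 56) return -2;
    if (phoff > len || phnum * phentsize > len - phoff) return -2;
    for (uint64_t i = 0; i < phnum; i++) {
        const unsigned char *ph = img + phoff + i * phentsize;
        if (rd_le(ph, 4) == PT_GNU_STACK_TYPE)   /* p_type */
            return (rd_le(ph + 4, 4) & PF_X_FLAG) ? 1 : 0;  /* p_flags */
    }
    return -1;
}

/* Constructed sample: a 64-byte ELF64 header plus one PT_GNU_STACK phdr. */
int sample_result(unsigned char p_flags) {
    unsigned char img[64 + 56] = {0};
    memcpy(img, "\177ELF\002\001\001", 7);
    img[0x20] = 64;                    /* program headers follow the header */
    img[0x36] = 56; img[0x38] = 1;     /* one 56-byte entry */
    unsigned char *ph = img + 64;
    ph[0] = 0x51; ph[1] = 0xe5; ph[2] = 0x74; ph[3] = 0x64;
    ph[4] = p_flags;
    return elf64_execstack(img, sizeof img);
}

int main(void) {
    printf("RWE=%d RW=%d\n", sample_result(7), sample_result(6));
    return 0;
}
```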

