
Re: Switch on compiler hardening defaults



On Thu, Oct 29, 2009 at 10:01:08PM -0200, Henrique de Moraes Holschuh wrote:
> On Tue, 27 Oct 2009, Kees Cook wrote:
> > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > > > uses[2].
> > > 
> > > How do they work? Do they also change the free-standing compiler or only
> > > the hosted one? There is a lot of software, which (I would say) misuses
> > > the hosted compiler to build non-userspace-code, including the Linux
> > > kernel.
> > 
> > The stack protector is conditional on being linked with libc, so, if you
> > build with -nostdlib (as the kernel does), it is implicitly disabled.
> 
> This doesn't make sense.  The kernel can, and does, use stack protector
> functionality for its build if you ask it to.  Do you mean the defaults are
> changed only when -nostdlib is NOT given?

Yes, I was a bit unclear, sorry.  The -fstack-protector option is not
added to the option list when either -fno-stack-protector or -nostdlib
is already in the option list.  The GCC spec[1] for this is:

    %{!fno-stack-protector:%{!nostdlib:-fstack-protector}}

If you add -fstack-protector to a build (regardless of -nostdlib), gcc
will attempt to use the stack protector.  This is how the kernel builds
when the CC_STACKPROTECTOR option is enabled.

And I can prove this works.  :)  The Ubuntu kernel uses both the hardened
compiler and the CC_STACKPROTECTOR option, and you can see the results on
an Ubuntu system:
$ readelf -s /lib/modules/$(uname -r)/kernel/fs/nfs/nfs.ko | grep stack_chk
  1114: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND __stack_chk_fail

-Kees

[1] http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-ssp.diff

-- 
Kees Cook                                            @debian.org
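As an added example (not part of Kees's message or of the Debian patch), the shell below evaluates the spec string quoted in the message for a given gcc option list and then checks a freshly compiled object for __stack_chk_fail the same way the readelf command above does. The function names are assumptions; it needs gcc and readelf and reports "skipped" without them.

```shell
#!/bin/sh
# Added example, not from the thread. Mirrors the Debian/Ubuntu spec
#   %{!fno-stack-protector:%{!nostdlib:-fstack-protector}}
# in shell, then verifies the result the way the readelf check above does.
# Function names are hypothetical.

# Print the option the hardened spec adds for a given gcc option list:
# -fstack-protector unless -fno-stack-protector or -nostdlib is already given.
ssp_default_flag() {
    for opt in "$@"; do
        case "$opt" in
            -fno-stack-protector|-nostdlib) return 0 ;;   # spec adds nothing
        esac
    done
    printf '%s\n' -fstack-protector
}

# Compile a tiny function with a char buffer (what -fstack-protector
# instruments), passing the flag the spec would add plus the caller's options,
# and report whether the object references __stack_chk_fail: "protected",
# "unprotected", or "skipped" when gcc/readelf are unusable. A stock gcc has
# no hardened default, so the spec result is injected explicitly.
ssp_check() {
    command -v gcc >/dev/null 2>&1 && command -v readelf >/dev/null 2>&1 \
        || { echo skipped; return 0; }
    tmp=$(mktemp -d) || return 1
    # A manual copy loop keeps the test program free of libc headers.
    cat > "$tmp/t.c" <<'EOF'
char f(const char *s) {
    char buf[64]; int i = 0;
    while ((buf[i] = s[i]) != '\0') i++;
    return buf[0];
}
EOF
    if ! gcc -c $(ssp_default_flag "$@") "$@" -o "$tmp/t.o" "$tmp/t.c" 2>/dev/null; then
        rm -rf "$tmp"; echo skipped; return 0
    fi
    if readelf -s "$tmp/t.o" | grep -q __stack_chk_fail; then echo protected
    else echo unprotected; fi
    rm -rf "$tmp"
}

# Usage: the spec decision for three option lists, then the real object check.
for opts in "-O2" "-O2 -nostdlib" "-fno-stack-protector"; do
    flag=$(ssp_default_flag $opts)
    printf '%-22s spec adds: %s\n' "$opts" "${flag:-(nothing)}"
done
ssp_check; ssp_check -nostdlib; ssp_check -fno-stack-protector
```

Running it on a hardened Ubuntu/Debian compiler and on a stock gcc gives the same three verdicts, which is the point of the spec: the default only changes what happens when neither opt-out flag is present.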

