Gentoo Archives: gentoo-amd64

From: "Kevin F. Quinn" <kevquinn@g.o>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] Questions about No Execute and security
Date: Thu, 06 Oct 2005 18:06:40
Message-Id: Q6NNCQ111E5W3.668901197H66D9@gentoo.org
In Reply to: Re: [gentoo-amd64] Questions about No Execute and security by Richard Freeman
On 6/10/2005 10:16:49, Richard Freeman (rich@××××××××××××××.net) wrote:

> Too bad the latest firefox upgrade filters out -fstack-protector...

This is because the stack-protector isn't perfect, and can cause the compiler to generate incorrect code or fail to compile completely. In the case of firefox the stack protector either causes gcc to generate broken code or to fail compilation. However, now that stack protection is going more mainstream with heavyweight distros like RedHat actively pursuing it (they've rewritten it from scratch for 4.x), we can expect its reliability to improve in the long term.

> I don't run hardened per se, but I do use stack-smashing protection.

If by using stack-smashing protection you mean you've stuck '-fstack-protector' in your make.conf CFLAGS, it's recommended that you remove that and switch to using the hardened compiler (gcc-config is your friend). The hardened compiler goes through some hoops to avoid the stack protector in the most obvious places it shouldn't be enabled (for example executables that don't link to glibc), but putting it in CFLAGS is indiscriminate and will definitely cause breakage.

> I'm not sure why it isn't a default-supported config on gentoo. A fair
> number of ebuilds don't work with it.

You've answered your own observation there - the reason non-hardened (i.e. default) Gentoo doesn't use the stack protector is that it causes too much breakage. There are also people who would rather not pay the (small) speed penalty the stack protector incurs, and even some people who believe that the stack protector should not be used and that instead the buffer overflows should be fixed (how they expect to find all such bugs I have never ascertained). As far as "supported" goes - well, ssp and ASLR are supported by the hardened project http://www.gentoo.org/proj/en/hardened/ on architectures for which we are confident it works reasonably well.

> We also used to have the
> grsecurity patches in gentoo-sources, but I don't think this is the case
> anymore.

You'll find the grsecurity patches in the hardened-sources kernel. The grsecurity patches lag somewhat behind the kernel mainline, so they're not suitable for gentoo-sources.

> It seems odd that these aren't standard gentoo features. That would
> probably give them more widespread support rather than devs just looking
> at you funny when you mention having something other than -O2 in your
> CFLAGS.

Well, the situation is always improving, but generally speaking the hardening causes too much breakage to be made a default. With regard to -O2, we've seen a fair amount of breakage when combining -fstack-protector and -O3, which is why we (hardened) generally recommend -O2 rather than -O3. Maybe the 4.0 series ssp will be more consistent, but we'll have to wait and see.

> Other than for debugging is there any reason not to have
> stack-smashing protection and address-space randomization?

SSP doesn't cause any particular problem for debugging. Address-space randomisation does a little, but you just need to link -pie and switch off the PaX memory protection for the executable you want to debug.

Kev.

--
gentoo-amd64@g.o mailing list
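A check that follows naturally from the thread: confirming whether a given amd64 binary was actually built as PIE and with the stack protector, rather than trusting what was in CFLAGS. This is an added example, not code from the thread or from the Gentoo Hardened project; it parses the ELF64 header and program headers directly (the function names `elf_hardening_info` and `make_sample_elf` are mine), and it treats the presence of the `__stack_chk_fail` name as a heuristic for SSP rather than walking the symbol table.

```python
import struct
import sys

# ELF constants from the ELF specification
ET_EXEC, ET_DYN = 2, 3    # e_type: fixed-address executable / position-independent image
PT_INTERP = 3             # program header that names the dynamic loader

def elf_hardening_info(data: bytes) -> dict:
    """Report whether an ELF64 image looks PIE and SSP-enabled.

    PIE: e_type is ET_DYN *and* a PT_INTERP header exists (a plain shared
    library is also ET_DYN but carries no interpreter).
    SSP: the string "__stack_chk_fail" is present; gcc references that
    symbol from every function that receives a canary.  A string search is
    a heuristic (a stripped static binary can hide it), not proof.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2:      # EI_CLASS must be ELFCLASS64
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"              # EI_DATA: 1 = little-endian
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    has_interp = any(
        struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0] == PT_INTERP
        for i in range(e_phnum)
    )
    return {
        "pie": e_type == ET_DYN and has_interp,
        "stack_protector": b"__stack_chk_fail" in data,
    }

def make_sample_elf(e_type: int, with_interp: bool, with_ssp: bool) -> bytes:
    """Constructed minimal ELF64 little-endian image for testing; not a real binary."""
    phnum = 1 if with_interp else 0
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)          # ELF64, LSB, version 1
    header = ident + struct.pack("<HHIQQQIHHHHHH",
        e_type, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 64, 0, 0)  # 62 = EM_X86_64
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 0) if with_interp else b""
    tail = b"__stack_chk_fail\x00" if with_ssp else b"no_canary\x00"
    return header + phdr + tail

if __name__ == "__main__":
    # Usage: python check_elf.py /path/to/binary
    with open(sys.argv[1], "rb") as f:
        print(elf_hardening_info(f.read()))
```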

Replies

Subject Author
Re: [gentoo-amd64] Questions about No Execute and security Barry.SCHWARTZ@×××××××××××××.org