| 1 |
On Thu, 02 Mar 2006 00:54:25 +0000 |
| 2 |
Duncan Coutts <dcoutts@g.o> wrote: |
| 3 |
|
| 4 |
> On Thu, 2006-03-02 at 00:41 +0000, Roy Marples wrote: |
| 5 |
> > For the non technically minded folks whats the difference between |
| 6 |
> > -fno-stack-protector and -fno-stack-protector-all? |
| 7 |
> [...] |
| 8 |
> It was explained to me like this: |
| 9 |
> |
| 10 |
> -fno-stack-protector makes gcc use a heuristic to decide whether or |
| 11 |
> not change a function to use stack-smashing protection. |
| 12 |
> |
| 13 |
> -fno-stack-protector-all makes gcc just do it for every function. |
| 14 |
|
| 15 |
not quite (note the 'no-'!): |
| 16 |
|
| 17 |
In gcc-3: |
| 18 |
|
| 19 |
-fstack-protector switches on stack protection for functions that gcc |
| 20 |
decides heuristically to be most vulnerable according to their |
| 21 |
parameters and local data. |
| 22 |
|
| 23 |
-fstack-protector-all switches on stack protection for (almost) all |
| 24 |
functions |
| 25 |
|
| 26 |
-fno-stack-protector switches off -fstack-protector |
| 27 |
|
| 28 |
-fno-stack-protector-all switches off -fstack-protector-all |
| 29 |
|
| 30 |
Of note is that: |
| 31 |
... -fstack-protector -fstack-protector-all -fno-stack-protector |
| 32 |
results in no ssp at all |
| 33 |
|
| 34 |
... -fstack-protector -fstack-protector-all -fno-stack-protector-all |
| 35 |
results in heuristic ssp switched on |
| 36 |
|
| 37 |
|
| 38 |
For gcc-4.1, the semantics have changed as RedHat Did Their Own Thing |
| 39 |
and broke backwards compatibility: |
| 40 |
1) -fno-stack-protector-all does not exist |
| 41 |
2) stack protection is viewed as a three-state setting configured by |
| 42 |
the last occurring switch from the set |
| 43 |
|
| 44 |
-fno-stack-protector - no stack protection |
| 45 |
-fstack-protector - heuristic stack protection |
| 46 |
-fstack-protector-all - stack protection on all functions |
| 47 |
|
| 48 |
(imo they should have done something like -fstack-protect[N] for |
| 49 |
N=0,1,2 which would have been clearer, but I got ignored when I |
| 50 |
suggested it) |
| 51 |
|
| 52 |
Since 'last option wins' in the RedHat version, |
| 53 |
|
| 54 |
'-fstack-protector-all -fstack-protector' gives heuristic ssp, whereas |
| 55 |
on gcc-3 it gives full ssp. |
| 56 |
|
| 57 |
|
| 58 |
Upshot - managing ssp has become a bit of a pita :/ (gcc-4 is |
| 59 |
currently masked in the hardened profile, primarily because gcc-4.0 has |
| 60 |
no ssp, but going forward also until we decide what to do with the |
| 61 |
hardened specs on gcc-4.1). |
| 62 |
|
| 63 |
> there is also: |
| 64 |
> |
| 65 |
> -fno-stack-protector-to-all which if supplied makes |
| 66 |
> -fno-stack-protector get promoted to -fno-stack-protector-all. |
| 67 |
> Apparently -fno-stack-protector-to-all is on by default in all |
| 68 |
> current gcc profiles so that means that at the moment if you specify |
| 69 |
> -fno-stack-protector you really get -fno-stack-protector-all. |
| 70 |
|
| 71 |
there is no '-fno-stack-protector-to-all' as such. the gcc specs we |
| 72 |
change (in gcc-3) currently switch -fstack-protector-all on if |
| 73 |
-fstack-protector is set (either on the command line or automatically |
| 74 |
in the case of the hardened compiler). This occurs also with the |
| 75 |
vanilla compiler - which is a bug although very few people |
| 76 |
(if any) come across it as the only supported way to use the |
| 77 |
stack protector at the moment is by using the hardened compiler. |
| 78 |
|
| 79 |
-- |
| 80 |
Kevin F. Quinn |
Archives