On Thu, 02 Mar 2006 00:54:25 +0000
Duncan Coutts <dcoutts@g.o> wrote:

> On Thu, 2006-03-02 at 00:41 +0000, Roy Marples wrote:
> > For the non-technically minded folks what's the difference between
> > -fno-stack-protector and -fno-stack-protector-all?
> [...]
> It was explained to me like this:
>
> -fno-stack-protector makes gcc use a heuristic to decide whether or
> not to change a function to use stack-smashing protection.
>
> -fno-stack-protector-all makes gcc just do it for every function.

Not quite (note the 'no-'!):

In gcc-3:

-fstack-protector switches on stack protection for functions that gcc
decides heuristically to be most vulnerable according to their
parameters and local data.

-fstack-protector-all switches on stack protection for (almost) all
functions.

-fno-stack-protector switches off -fstack-protector.

-fno-stack-protector-all switches off -fstack-protector-all.

Of note is that:
... -fstack-protector -fstack-protector-all -fno-stack-protector
results in no ssp at all

... -fstack-protector -fstack-protector-all -fno-stack-protector-all
results in heuristic ssp switched on


For gcc-4.1, the semantics have changed as RedHat Did Their Own Thing
and broke backwards compatibility:
1) -fno-stack-protector-all does not exist
2) stack protection is viewed as a three-state setting configured by
the last occurring switch from the set

-fno-stack-protector - no stack protection
-fstack-protector - heuristic stack protection
-fstack-protector-all - stack protection on all functions

(imo they should have done something like -fstack-protect[N] for
N=0,1,2 which would have been clearer, but I got ignored when I
suggested it)

Since 'last option wins' in the RedHat version,

'-fstack-protector-all -fstack-protector' gives heuristic ssp, whereas
on gcc-3 it gives full ssp.


Upshot - managing ssp has become a bit of a pita :/ (gcc-4 is
currently masked in the hardened profile, primarily because gcc-4.0 has
no ssp, but going forward also until we decide what to do with the
hardened specs on gcc-4.1).

> there is also:
>
> -fno-stack-protector-to-all which if supplied makes
> -fno-stack-protector get promoted to -fno-stack-protector-all.
> Apparently -fno-stack-protector-to-all is on by default in all
> current gcc profiles so that means that at the moment if you specify
> -fno-stack-protector you really get -fno-stack-protector-all.

There is no '-fno-stack-protector-to-all' as such. The gcc specs we
change (in gcc-3) currently switch -fstack-protector-all on if
-fstack-protector is set (either on the command line or automatically
in the case of the hardened compiler). This occurs also with the
vanilla compiler - which is a bug, although very few people
(if any) come across it as the only supported way to use the
stack protector at the moment is by using the hardened compiler.

-- 
Kevin F. Quinn
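The two flag-parsing rules described in the reply, written up as a small Python model so the differing outcomes can be checked without a gcc-3 at hand. This is added example code, not part of the thread or of gcc itself: `ssp_mode_gcc3` and `ssp_mode_gcc41` are constructed names, the `gentoo_specs` switch reproduces the specs quirk Kevin describes, and having -fno-stack-protector clear both gcc-3 switches is an assumption drawn from his "no ssp at all" example.

```python
# Constructed model of the ssp flag semantics discussed in the thread.
# It reproduces the option-parsing rules only; it does not invoke gcc.

GCC3_SWITCHES = {"-fstack-protector", "-fstack-protector-all",
                 "-fno-stack-protector", "-fno-stack-protector-all"}


def ssp_mode_gcc3(flags, gentoo_specs=False):
    """gcc-3: two independent switches, each with its own negation.

    Returns 'none', 'heuristic' or 'all'.  Assumption: -fno-stack-protector
    clears both switches, which is what the "no ssp at all" outcome implies.
    gentoo_specs=True models the Gentoo gcc-3 specs, which promote
    -fstack-protector to -fstack-protector-all (the bug Kevin mentions).
    """
    protector = protector_all = False
    for flag in flags:
        if flag not in GCC3_SWITCHES:
            continue  # unrelated options such as -O2 are ignored
        if flag == "-fstack-protector":
            protector = True
        elif flag == "-fstack-protector-all":
            protector_all = True
        elif flag == "-fno-stack-protector-all":
            protector_all = False
        else:  # -fno-stack-protector
            protector = protector_all = False
    if gentoo_specs and protector:
        protector_all = True
    if protector_all:
        return "all"
    return "heuristic" if protector else "none"


def ssp_mode_gcc41(flags):
    """gcc-4.1 (RedHat semantics): one three-state setting, last switch wins.

    -fno-stack-protector-all is not an option any more, so it is rejected.
    Assumed default when no switch is given: 'none'.
    """
    states = {"-fno-stack-protector": "none",
              "-fstack-protector": "heuristic",
              "-fstack-protector-all": "all"}
    mode = "none"
    for flag in flags:
        if flag == "-fno-stack-protector-all":
            raise ValueError("gcc-4.1 does not accept " + flag)
        mode = states.get(flag, mode)
    return mode
```

Running both functions over the same command line makes the incompatibility visible: '-fstack-protector-all -fstack-protector' comes back as 'all' from the gcc-3 model and 'heuristic' from the gcc-4.1 one.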