Javier J. Martínez Cabezón wrote:

> Why did you add ssp in CFLAGS? Why not use specs directly? I only
> added -D_FORTIFY_SOURCE=2 in CFLAGS. glibc doesn't compile with
> -fstack-protector-all in the CFLAGS, so you should switch to the
> -fstack-protector to compile which is less secure than using specs
> which compile with -fstack-protector-all which could be done.

The short answer is that it's the easiest compromise if you want some ssp
in gcc-4. Here are some points that I've found testing:

1) Of the 630+ packages that make up either amd64 or i686 desktop
systems, all compile fine with -fstack-protector-all with the exception
of glibc-2.8 which still compiles with just -fstack-protector.

2) This problem is not solved just using specs. You can't simply add
some variation of

*cc1_ssp:
%{!nostdlib:%{!nodefaultlibs:-fstack-protector-all;:-fstack-protector}}

It leads to problems. I'm looking at Zorry's work which is promising.

3) Given points 1 and 2, a sloppy way of getting -fstack-protector-all
is to start with a system compiled with -fstack-protector, then update
to -fstack-protector-all, recompile with "emerge --keep-going -e world",
and let glibc's recompilation fail. I've done this and it "works" but
I'm not sure of the stability.

4) You bring up a good point about -D_FORTIFY_SOURCE=2 which in
retrospect I should include. Ubuntu has been using "-fstack-protector
-O2 -D_FORTIFY_SOURCE=2" since 8.10. It adds run-time checks on buffers
in glibc which can't hurt.

5) The difference between -fstack-protector and -fstack-protector-all is
that the former only applies ssp to functions with char buffers which
are more vulnerable. When I tested using paxtest suite with either
switch, I got the same results. In fact, I get the same results
compiling with hardened gcc-3.4.6. You can see what I got at [1].
Paxtest doesn't cover everything, but it covers important checks and if
any fail there is definitely reason for concern.

[1] http://opensource.dyc.edu/pub/misc/
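A practical way to verify, after the kind of rebuild described in points 3 and 4, that a given binary actually ended up with stack-protector canaries and fortified glibc calls is to look at the symbols it imports: code compiled with -fstack-protector* references __stack_chk_fail, and code compiled with -D_FORTIFY_SOURCE=2 at -O2 references the glibc __*_chk variants (e.g. __memcpy_chk, __printf_chk). The script below is an added example written for this discussion, not something from the thread or from Gentoo hardened; it parses `nm -D` output, and the two sample symbol listings are constructed for the demonstration rather than taken from real binaries. The caveat from point 5 applies: with plain -fstack-protector only functions holding char arrays get a canary, so a binary built with that flag but containing no such function will show no __stack_chk_fail reference even though the flag was on.

```python
"""Checksec-style hardening report from `nm -D` output (example code).

A dynamically linked binary built with -fstack-protector / -all imports
__stack_chk_fail from glibc; one built with -D_FORTIFY_SOURCE=2 -O2 imports
the __*_chk fortified variants of the libc calls it uses.  Absence of the
symbols proves only that no instrumented call survived, not that the flag
was never passed (see the -fstack-protector vs -all discussion).
"""
import re
import subprocess
import sys

# Constructed sample `nm -D` listings, not from real binaries.
SAMPLE_HARDENED = """\
                 U __stack_chk_fail@@GLIBC_2.4
                 U __memcpy_chk@@GLIBC_2.3.4
                 U __printf_chk@@GLIBC_2.3.4
                 U puts@@GLIBC_2.2.5
0000000000001149 T main
"""

SAMPLE_UNHARDENED = """\
                 U memcpy@@GLIBC_2.14
                 U printf@@GLIBC_2.2.5
                 U puts@@GLIBC_2.2.5
0000000000001149 T main
"""

# One nm line: optional address, one-letter symbol type, symbol name.
NM_LINE = re.compile(
    r"^(?:(?P<addr>[0-9a-fA-F]+)\s+)?(?P<type>[A-Za-z?])\s+(?P<name>\S+)$"
)
# glibc fortified wrappers are named __<func>_chk.
FORTIFY_RE = re.compile(r"^__\w+_chk$")


def undefined_symbols(nm_output):
    """Return the set of undefined (imported) symbol names, with any
    @@GLIBC_x.y version suffix stripped."""
    names = set()
    for line in nm_output.splitlines():
        m = NM_LINE.match(line.strip())
        if not m or m.group("type") != "U":
            continue
        names.add(m.group("name").split("@")[0])
    return names


def hardening_report(nm_output):
    """Classify a binary's SSP / FORTIFY usage from its imported symbols."""
    imports = undefined_symbols(nm_output)
    fortified = sorted(s for s in imports if FORTIFY_RE.match(s))
    return {
        "stack_protector": "__stack_chk_fail" in imports,
        "fortify_source": bool(fortified),
        "fortified_calls": fortified,
    }


def scan_binary(path):
    """Run `nm -D` on a real file and report on it (assumes binutils nm)."""
    out = subprocess.run(["nm", "-D", path], capture_output=True,
                         text=True, check=True).stdout
    return hardening_report(out)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p, scan_binary(p))
    else:
        print("hardened sample:  ", hardening_report(SAMPLE_HARDENED))
        print("unhardened sample:", hardening_report(SAMPLE_UNHARDENED))
```

Run it with no arguments to see the two constructed samples classified, or pass paths to installed binaries to have it call `nm -D` for you; for a whole-system sweep after an `emerge -e world` the same function can be applied to every ELF under /usr/bin, which turns the "I'm not sure of the stability" question into a concrete list of which packages did and did not pick up the flags.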