| 1 |
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt |
| 2 |
The advisory suggests: |
| 3 |
1. Increase the size of the stack guard-page to at least 1MB |
| 4 |
- I skip this point |
| 5 |
2. Recompile all userland code with GCC's "-fstack-check" option |
| 6 |
- I checked current and recent gcc versions. |
| 7 |
|
| 8 |
6.3.0 seems to be fine: |
| 9 |
gcc version 6.3.0 (Gentoo Hardened 6.3.0 p1.0) |
| 10 |
gcc -dumpspecs | grep -B 1 stack-check |
| 11 |
*cc1: |
| 12 |
%{!mandroid|tno-android-cc:%(cc1_cpu) %{profile:-p};:%(cc1_cpu) |
| 13 |
%{profile:-p} %{!mglibc:%{!muclibc:%{!mbionic: -mbionic}}} |
| 14 |
%{!fno-pic:%{!fno-PIC:%{!fpic:%{!fPIC: |
| 15 |
-fPIC}}}}}%{fstack-check|fstack-check=*:;: -fstack-check} |
| 16 |
|
| 17 |
5.4.0 also looks fine: |
| 18 |
gcc version 5.4.0 (Gentoo Hardened 5.4.0-r3 p1.3, pie-0.6.5) |
| 19 |
gcc -dumpspecs | grep -B 1 stack-check |
| 20 |
*esp_cc1_ssp: |
| 21 |
%{!fno-stack-protector: %{!fno-stack-protector-all: %{!fno-stack-check: }}} |
| 22 |
-- |
| 23 |
*esp_options_ssp: |
| 24 |
%{nostdlib|ffreestanding|fno-stack-protector|fstack-protector| |
| 25 |
fstack-protector-all|fstack-protector-strong:;:-fstack-protector-all} |
| 26 |
%{fstack-check|fstack-check=*:;: -fstack-check} |
| 27 |
|
| 28 |
I assume it is OK like this. |
| 29 |
Please confirm this conclusion. |
| 30 |
Thx: Dw. |
| 31 |
-- |
| 32 |
dr Tóth Attila, Radiológus, 06-20-825-8057 |
| 33 |
Attila Toth MD, Radiologist, +36-20-825-8057 |
Archives