https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
The advisory suggests:
1. Increase the size of the stack guard-page to at least 1MB
- I skip this point
2. Recompile all userland code with GCC's "-fstack-check" option
- I checked current and recent gcc versions.

6.3.0 seems to be fine:
gcc version 6.3.0 (Gentoo Hardened 6.3.0 p1.0)
gcc -dumpspecs | grep -B 1 stack-check
*cc1:
%{!mandroid|tno-android-cc:%(cc1_cpu) %{profile:-p};:%(cc1_cpu)
%{profile:-p} %{!mglibc:%{!muclibc:%{!mbionic: -mbionic}}}
%{!fno-pic:%{!fno-PIC:%{!fpic:%{!fPIC:
-fPIC}}}}}%{fstack-check|fstack-check=*:;: -fstack-check}

5.4.0 also looks fine:
gcc version 5.4.0 (Gentoo Hardened 5.4.0-r3 p1.3, pie-0.6.5)
gcc -dumpspecs | grep -B 1 stack-check
*esp_cc1_ssp:
%{!fno-stack-protector: %{!fno-stack-protector-all: %{!fno-stack-check: }}}
--
*esp_options_ssp:
%{nostdlib|ffreestanding|fno-stack-protector|fstack-protector|
fstack-protector-all|fstack-protector-strong:;:-fstack-protector-all}
%{fstack-check|fstack-check=*:;: -fstack-check}

I assume it is OK like this.
Please confirm this conclusion.
Thx: Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057