| 1 |
The systemd priv-esc (CVE-2018-16864) got me reading gcc's man page on |
| 2 |
-fstack-clash-protection, since |
| 3 |
https://www.theregister.co.uk/2019/01/10/systemd_bugs_qualys/ claims that |
| 4 |
systems with it enabled are not vulnerable. I already have -fstack-check, |
| 5 |
however, if I try to run both, gcc 8.2 complains; |
| 6 |
|
| 7 |
cc1: warning: ‘-fstack-check=’ and ‘-fstack-clash_protection’ are mutually |
| 8 |
exclusive. Disabling ‘-fstack-check=’ |
| 9 |
|
| 10 |
(there's a typo in gcc's message, the underscore should be a dash) |
| 11 |
|
| 12 |
Is -fstack-clash-protection safer than -fstack-check? From the man page it |
| 13 |
sounds like that's the case, but i'm not sure i understand what i'm |
| 14 |
reading. My lay person understanding is; |
| 15 |
stack-check verifies that memory is not accessed past what should be the |
| 16 |
end of the stack (based on the memory range allocated for the stack?). |
| 17 |
stack-clash-protection accesses each location iteratively so that it can be |
| 18 |
checked for the guard page (end of stack marker) before going further. |
Archives