[Please keep both <bug-hurd@gnu.org> and <grub-devel@gnu.org> in the recipients list.]
Hello!
For some time, GCC now offers the following feature:
info Gcc
#v+
`-fstack-protector'
Emit extra code to check for buffer overflows, such as stack
smashing attacks. This is done by adding a guard variable to
functions with vulnerable objects. This includes functions that
call alloca, and functions with buffers larger than 8 bytes. The
guards are initialized when a function is entered and then checked
when the function exits. If a guard check fails, an error message
is printed and the program exits.
#v-
I now happen to be running a GCC 4.1 installation which has that one
enabled by default. Unfortunately, building GNU Mach and GRUB2 (didn't
check GRUB legacy) is affected by that:
GRUB2
#v+
[...]
gcc -o kernel.exec kernel_img-kern_i386_pc_startup.o kernel_img-kern_main.o
kernel_img-kern_device.o kernel_img-kern_disk.o kernel_img-kern_dl.o
kernel_img-kern_file.o kernel_img-kern_fs.o kernel_img-kern_err.o
kernel_img-kern_misc.o kernel_img-kern_mm.o kernel_img-kern_loader.o
kernel_img-kern_rescue.o kernel_img-kern_term.o kernel_img-kern_i386_dl.o
kernel_img-kern_i386_pc_init.o kernel_img-kern_parser.o
kernel_img-kern_partition.o kernel_img-kern_env.o
kernel_img-disk_i386_pc_biosdisk.o kernel_img-term_i386_pc_console.o
kernel_img-symlist.o -nostdlib -Wl,-N,-Ttext,8200 -fno-builtin -mrtd
-mregparm=3 -m32
kernel_img-kern_device.o: In function `grub_device_iterate':
../kern/device.c:142: undefined reference to `__stack_chk_fail'
kernel_img-kern_disk.o: In function `grub_disk_write':
../kern/disk.c:553: undefined reference to `__stack_chk_fail'
kernel_img-kern_misc.o: In function `grub_vsprintf':
../kern/misc.c:897: undefined reference to `__stack_chk_fail'
kernel_img-kern_rescue.o: In function `grub_rescue_cmd_cat':
../kern/rescue.c:169: undefined reference to `__stack_chk_fail'
kernel_img-kern_i386_pc_init.o: In function `grub_machine_set_prefix':
../kern/i386/pc/init.c:239: undefined reference to `__stack_chk_fail'
kernel_img-kern_parser.o:../kern/parser.c:230: more undefined references to
`__stack_chk_fail' follow
collect2: ld returned 1 exit status
make: *** [kernel.exec] Error 1
#v-
GNU Mach
#v+
[...]
ld -u _start -r -o gnumach.o --start-group libkernel.a liblinux.a
liblinux_pcmcia_cs_modules.a liblinux_pcmcia_cs_clients.a
liblinux_pcmcia_cs_wireless.a
nm -u gnumach.o | sed 's/ *U *//;s/^_*//' | sort -u > gnumach-undef
sed '/^memcpy$/d; /^memmove$/d; /^memset$/d; /^bcopy$/d; /^bzero$/d;
/^strchr$/d; /^strstr$/d; /^strsep$/d; /^strpbrk$/d; /^strtok$/d; /^htonl$/d;
/^htons$/d; /^ntohl$/d; /^ntohs$/d; /^etext$/d; /^edata$/d; /^end$/d;'
gnumach-undef > gnumach-undef-bad
if test -s gnumach-undef-bad; \
then cat gnumach-undef-bad; exit 2; else true; fi
stack_chk_fail
make[2]: *** [clib-routines.o] Error 2
make[2]: Leaving directory
`/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/fs/data/mount/home/thomas/tmp/source/gnumach/gnumach-1-branch/build'
make: *** [all] Error 2
#v-
Is it feasible to have the `-fstack-protector' functionality in GNU Mach
and GRUB2 (and how to do that, then) or shall we unconditionally pass
`-fno-stack-protector' if available?
Regards,
Thomas
signature.asc
Description: Digital signature
_______________________________________________ Bug-hurd mailing list Bug-hurd@gnu.org http://lists.gnu.org/mailman/listinfo/bug-hurd
