Hi,

On Tue, Oct 27, 2009 at 01:30:12PM -0200, Henrique de Moraes Holschuh wrote:
> On Mon, 26 Oct 2009, Gabor Gombas wrote:
> > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > I would like to propose enabling[1] the GCC hardening patches that
> > > > Ubuntu uses[2].
> > >
> > > How do they work? Do they also change the free-standing compiler or only
> > > the hosted one? There is a lot of software, which (I would say) misuse
> > > the hosted compiler to build non-userspace code, including the Linux
> > > kernel.
> >
> > It seems the kernel will not be happy if the stack protector is switched
> > on unconditionally:
> >
> > http://osdir.com/ml/linux-kernel/2009-10/msg07064.html
>
> Indeed. The kernel build system needs to be able to command whether
> stackprotect is enabled or not without surprises...
>
> I assume very performance-critical applications will also need it disabled,
> if they have hot paths where dcache footprint matters. But I think we can
> safely assume these will be quite rare, so as long as one can disable the
> stackprotector easily enough through CFLAGS, we could just do it on a
> case-by-case basis in debian/rules.
Right, -fno-stack-protector via CFLAGS will disable it (as will -nostdlib).
The work-arounds for the default are all documented both in the gcc
manpage[1] (though this would need tweaking since it currently says
"Ubuntu") and on the Ubuntu wiki page I mentioned earlier[2].

The specific set of patches that would be enabled is:

- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-format-security.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-fortify-source.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-relro.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-ssp.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/testsuite-hardening-format.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/testsuite-hardening-fortify.diff
- http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/testsuite-hardening-printf-types.diff

(I am trying[3], since they are general improvements, to get the latter 2
accepted by upstream gcc so our gcc package doesn't need to carry them.)

-Kees

[1] http://manpages.ubuntu.com/manpages/karmic/man1/gcc.1.html
    ...
    NOTE: In Ubuntu 6.10 and later versions this option is enabled by
    default for C, C++, ObjC, ObjC++, if neither @option{-fno-stack-protector}
    nor @option{-nostdlib} are found.
    ...
[2] https://wiki.ubuntu.com/CompilerFlags
[3] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39536
    http://gcc.gnu.org/bugzilla/show_bug.cgi?id=39537

--
Kees Cook @debian.org