more stack protector fun

Robert Connolly robert at linuxfromscratch.org
Sun Jan 2 05:37:06 PST 2005


From what I gather it looks like libraries can be built with 
-fstack-protector-all. I think it's because libc.so will always get loaded in 
conjunction with the other library, and so the __guard value always gets 
filled. The newer uclibc's are building everything except libc.so and ld.so 
with -fstack-protector-all. They don't have detailed comments, but I'm 
guessing libc.so and ld.so can't be built with fstack because it's a circular 
dependency, and/or because if either of these objects overflow/segfault then 
the protection code won't get run anyway.

Attached is a patch for chapter 6's Glibc. It adds -fstack-protector-all to:
gencat, getconf, getent, iconv, iconvconfig, ldconfig, sprof, sln, lddlibc4, 
locale, localedef, nscd, nscd_nischeck, pcprofiledump, pt_chown, utmpdump, 
rpcgen, rpcinfo, zdump, and zic

Tests get -fno-stack-protector; it wasn't really needed at this point but I 
added them while I was at it. I ran 'make check' with this patch and it 
passes.

The only exception, so far, is sysctl.c. It gives me this:
stack overflow in function __sysctl()
make[2]: *** [/sources/hlfs-packages/glibc-build/sunrpc/xbootparam_prot.stmp] 
Aborted

for whatever reason. So I added -fno-stack for sysctl.c.

I know the patch is sorta big; 857 lines so far (in the pre3 version). I can't 
use global cflags in the makefiles because the tests will fail. The only way 
I could do it was adding a cflags definition for each C file, one by one.

Now I started adding libraries to the patch (libcrypt, libintl, libresolv). If 
Binutils and GCC get matching patches then the sspspecs patch can get a bunch 
of the filters removed. Libraries like ncurses, etc, could start getting 
fstack-prot-all (transparently), so we get max protection. Most of the 
filters are there just for the 3 toolchain packages, nothing else complains 
about using no filters.

Another thing. For fun I tried adding -fpie to the above utilities. Gencat, 
and getconf, have non-pic assembly code. So I quit after trying those two. 
Some of them may be able to link statically and pass the tests, but some 
might not (I tried before). This would help the rebuildability problem with 
glibc and grsec.

This shouldn't take me too much longer. Maybe a day or two. I got sidetracked. 
I'll try to finish updating the book after.

Ideally this patch would only set -fno-stack-prot for libc.so, ld.so, and the 
tests, and have gcc doing -fstack-prot-all on everything by default. That 
patch would be the least intrusive and problematic possible. But there are 
167 makefiles in Glibc, so I'll start with this patch and a gcc that does not 
have default fstack-prot, ie: generic specsfile (as-per instructions in the 
current svn glibc chapter6).

/me sleeps
robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: glibc-2.3.4-fstack_protector-1.patch-pre2
Type: text/x-diff
Size: 32221 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20050102/6ad625f9/attachment.diff>
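
A check to go with the post above, added here and not part of the original message or the attached patch: it classifies a binary from its 'nm -D' symbol listing by whether it references or defines the stack-protector symbols. __guard is the name used in the post; __stack_smash_handler (the handler from the same ProPolice-era patches) and __stack_chk_guard/__stack_chk_fail (current GCC/glibc) are added assumptions, as are the function names and the constructed sample listings.

```shell
#!/bin/sh
# Classify a binary from the text that `nm -D FILE` prints.
#   protected   - undefined (U) reference to a stack-protector symbol
#   provider    - defines the symbol itself (what libc.so does)
#   unprotected - no stack-protector symbol at all
SSP_SYMS='^(__guard|__stack_smash_handler|__stack_chk_guard|__stack_chk_fail)$'

ssp_classify() {
    awk -v pat="$SSP_SYMS" '
        NF < 2 { next }                      # blank lines, file headers
        {
            name = $NF; type = $(NF - 1)
            sub(/@.*/, "", name)             # drop symbol-version suffix
            if (name !~ pat) next
            if (type == "U") uses = 1; else provides = 1
        }
        END {
            if (provides)  print "provider"
            else if (uses) print "protected"
            else           print "unprotected"
        }'
}

# Audit real files; anything nm cannot read is reported separately
# so it is not mistaken for an unprotected binary.
ssp_audit() {
    for f in "$@"; do
        if syms=$(nm -D "$f" 2>/dev/null); then
            printf '%s: %s\n' "$f" "$(printf '%s\n' "$syms" | ssp_classify)"
        else
            printf '%s: unreadable\n' "$f"
        fi
    done
}

# Constructed sample listings (not captured from a real build).
sample_utility() { printf '%s\n' '         U __guard' \
    '         U __stack_smash_handler' '         U printf'; }
sample_libc()    { printf '%s\n' '000f1000 D __guard' \
    '00023400 T __stack_smash_handler' '00045000 T printf'; }
sample_test()    { printf '%s\n' '         U printf' '         U exit'; }

# With file arguments, audit them; with none, only define the functions.
if [ "$#" -gt 0 ]; then ssp_audit "$@"; fi
```

Run it with the installed utilities as arguments; a binary built without the flag reports unprotected, and libc.so reports provider.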

