Stack-Smash Protector

dagmar at speakeasy.net
Sun Sep 29 16:32:13 PDT 2002


On Sun, 29 Sep 2002, Bob Kimmel wrote:

> > Anyone have any luck building glibc-2.2.5-2 with a
> > stack-protection-enabled gcc 3.2?  It breaks on me in the early stages
> > of compilation.
> >
> > The stack protector is a gcc patch by Hiroaki Etoh (IBM) that causes gcc
> > to insert stack protection code into binaries during compilation.  Check
> > it out:   http://www.trl.ibm.com/projects/security/ssp/
> >
>
> I have no information on the question you are asking, but would
> be interested in anyone's experience with this patch or any of
> the competing products/patches.  The web site referenced above
> has a link to some articles, in which this patch does fairly well
> relative to some other software, but maybe this web site is biased :-)
> What are opinions on this?  If I can live with a mild performance
> degradation, is there any reason not to use this patch?  (Other than
> failure to compile glibc-2.2.5-2 :-)) Is another piece of software
> better?  Should such a patch be used when compiling the kernel?  (I'm
> guessing "no", but not really sure.) Are there some pieces of software
> that should be compiled with it, while others should be left alone? etc.
> It looks like it is a command-line option, so it should be easy to
> mix and match software if that is appropriate.

POSIX compliance dictates that the stack should be executable.  This is,
of course, intensely obnoxious, since almost no modern software actually
needs this feature anymore, but since the alternative is to teach
programmers how to perform simple mathematics problems (such as counting
the length of the allocated bytes and comparing it to the allocated space
they're trying to copy it to) our alternatives are clear.  We have to
disable stack executability to dodge a class of exploits that practically
eclipses all others now.

To my knowledge, glibc is the one thing you weren't supposed to be building
with these kinds of patches built into the compiler, from way way back.

There's no hard and fast rule for when you should be attempting to use
this modification to the compiler, but some folks might be much happier
simply sticking with using the OpenWall patches for the same purpose.

...and of course no amount of patching to the system should be taken as a
substitute for careful attention to policy and best practices
(particularly principle of least privilege), frequent backups, and a nice
sharp axe to lop off the heads of the disgruntled former employees before
they can abuse their access privileges.  ;)

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message