On 12/05/10 16:49, Jan de Groot wrote:
On Wed, 2010-05-12 at 12:35 +1000, Allan McRae wrote:
Hi,
We have a bug report asking to enable stack-smashing protection in our
package building. Looking at the overhead estimates by other distros
that use it, overall it appears fairly minimal (OpenBSD says 1.3% on
average). There used to be some build issues (see bottom of this page
for Ubuntu report: https://wiki.ubuntu.com/GccSsp), but I am not sure of
the current status. Also, it can be disabled with -fno-stack-protector
if needed.
I am in favour of doing this. I think adding -fstack-protector is
enough as that adds protection to only functions "vulnerable" to buffer
overflows (as defined by gcc... mainly character arrays) while
-fstack-protector-all adds it to all functions.
We should maybe also add -D_FORTIFY_SOURCE=2. This detects some buffer
overflows compile time and others at run time. It was designed to have
minimal runtime overhead.
Any opinions?
Given the fact that GCC 4.5 produces broken binaries with software that
needs -fno-strict-aliasing (busybox comes to mind, but also others), I
don't think it's good to introduce such a change now. Our toolchain
should get fixed before we attempt to add more features to our compiler
flags.
There is a fix on the gcc bug tracker but I am waiting for it to be
backported to gcc-4.5. If it has not been done by the next toolchain
rebuild (I expect in the next week), I will backport it myself.
Anyway, it was not going to happen immediately. Sadly, nothing of this
sort can be achieved in under a multiple month timeframe around here.
But it could possibly happen with the next pacman release given that
makepkg.conf will need changed. Hence starting discussion now. Well
actually I started it a month ago on the bug tracker but only one of the
five people I assigned answered my request for comments...
The reason I bought this up again now is that there is a glibc release
tagged and the glibc package will need preparation for both this and the
new shared library stripping behaviour in makepkg so I though I would
begin this now if comments seemed positive.
Allan
