On Sun, Apr 5, 2015 at 6:44 PM, Sandra Loosemore <san...@codesourcery.com> wrote: > On 04/03/2015 01:34 PM, Joseph Myers wrote: >> >> On Tue, 31 Mar 2015, Ilya Enkovich wrote: >> >>> +library. It also passes '-z bndplt' to a linker in case it supports >>> this >>> +option (which is checked on libmpx configuration). Note that old >>> versions >>> +of linker may ignore option. Gold linker doesn't support '-z bndplt' >>> +option. With no '-z bndplt' support in linker all calls to dynamic >>> libraries >>> +lose passed bounds reducing overall protection level. It's highly >>> +recommended to use linker with '-z bndplt' support. In case such linker >>> +is not available it is adviced to always use >>> @option{-static-libmpxwrappers} >>> +for better protection level or use @option{-static} to completely avoid >>> +external calls to dynamic libraries. MPX-based instrumentation >> >> >> Use @samp{-z bndplt} rather than '' quoting (but Sandra may have further >> advice on the substance of this documentation). > > > To tell the truth, I can't figure out what this means from a user > perspective. How does a user know whether the linker option is being > ignored, or if they have a new enough linker? If the linker available at > configuration time doesn't support the option, does that mean the option > will never be passed and users will never know that there are gaping holes > in the pointer bounds checking? > > My suggestion would be to pass the option unconditionally and make the > documentation say something like
I totally agree with it. > It also passes @option{-z bndplt} to the linker. LD version xxx or later is > required to use this feature. If no linker support for @option{-z bndplt} > is available, you should link with @option{-static-libmpxwrappers} or > @option{-static} instead; otherwise calls to dynamic libraries lose bounds > checking protection. > This implies that -static-libmpxwrappers will cover all dynamic libraries, which isn't true. -static-libmpxwrappers only covers calls to functions defined in libmpxwrappers.so and leaves calls to functions defined in other dynamic libraries open to buffer overflow. -- H.J.