On Sun, Apr 5, 2015 at 6:44 PM, Sandra Loosemore
<san...@codesourcery.com> wrote:
> On 04/03/2015 01:34 PM, Joseph Myers wrote:
>>
>> On Tue, 31 Mar 2015, Ilya Enkovich wrote:
>>
>>> +library. It also passes '-z bndplt' to a linker in case it supports
>>> this
>>> +option (which is checked on libmpx configuration). Note that old
>>> versions
>>> +of linker may ignore option. Gold linker doesn't support '-z bndplt'
>>> +option. With no '-z bndplt' support in linker all calls to dynamic
>>> libraries
>>> +lose passed bounds reducing overall protection level. It's highly
>>> +recommended to use linker with '-z bndplt' support. In case such linker
>>> +is not available it is adviced to always use
>>> @option{-static-libmpxwrappers}
>>> +for better protection level or use @option{-static} to completely avoid
>>> +external calls to dynamic libraries. MPX-based instrumentation
>>
>>
>> Use @samp{-z bndplt} rather than '' quoting (but Sandra may have further
>> advice on the substance of this documentation).
>
>
> To tell the truth, I can't figure out what this means from a user
> perspective. How does a user know whether the linker option is being
> ignored, or if they have a new enough linker? If the linker available at
> configuration time doesn't support the option, does that mean the option
> will never be passed and users will never know that there are gaping holes
> in the pointer bounds checking?
>
> My suggestion would be to pass the option unconditionally and make the
> documentation say something like
I totally agree with it.
> It also passes @option{-z bndplt} to the linker. LD version xxx or later is
> required to use this feature. If no linker support for @option{-z bndplt}
> is available, you should link with @option{-static-libmpxwrappers} or
> @option{-static} instead; otherwise calls to dynamic libraries lose bounds
> checking protection.
>
This implies that -static-libmpxwrappers will cover all dynamic libraries,
which isn't true. -static-libmpxwrappers only covers calls to functions
defined in libmpxwrappers.so and leaves calls to functions defined in
other dynamic libraries open to buffer overflow.
--
H.J.
