On 6/10/2005 10:16:49, Richard Freeman ([EMAIL PROTECTED]) wrote:

> Too bad the latest firefox upgrade filters out -fstack-protector...

This is because the stack-protector isn't perfect, and can cause the compiler 
to generate incorrect code or fail to compile completely.  In the case of 
firefox the stack protector either causes gcc to generate broken code or to 
fail compilation.  However, now that stack protection is going more mainstream 
with heavyweight distros like RedHat actively pursuing it (they've rewritten it 
from scratch for 4.x), we can expect its reliability to improve in the long 
term.

> I don't run hardened per-se, but I do use stack-smashing protection.

If by using stack-smashing protection you mean you've stuck '-fstack-protector' 
in your make.conf CFLAGS, it's recommended that you remove that and switch to 
using the hardened compiler (gcc-config is your friend).  The hardened compiler 
goes through some hoops to avoid the stack protector in the most obvious places 
it shouldn't be enabled (for example executables that don't link to glibc), but 
putting it in CFLAGS is indiscriminate and will definitely cause breakage.

> I'm not sure why it isn't a default-supported config on gentoo.  A fair
> number of ebuilds don't work with it.

You've answered your own observation there - the reason non-hardened (i.e. 
default) Gentoo doesn't use the stack protector is that it causes too much 
breakage.  There are also people who would rather not pay the (small) speed 
penalty the stack protector incurs, and even some people who believe that the 
stack protector should not be used; instead, the buffer overflows should be fixed 
(how they expect to find all such bugs I have never ascertained).  As far as 
"supported" goes - well, ssp and ASLR are supported by the hardened project 
http://www.gentoo.org/proj/en/hardened/ on architectures for which we are 
confident it works reasonably well.

>  We also used to have the
> grsecurity patches in gentoo-sources, but I don't think this is the case
> anymore.

You'll find the grsecurity patches in the hardened-sources kernel.  The 
grsecurity patches lag somewhat behind the kernel mainline, so they're not 
suitable for gentoo-sources.

> It seems odd that these aren't standard gentoo features.  That would
> probably give them more widespread support rather than devs just looking
> at you funny when you mention having something other than -O2 in your
> CFLAGS.

Well, the situation is always improving but generally speaking the hardening 
causes too much breakage to be made a default.  With regard to -O2, we've seen a 
fair amount of breakage when combining -fstack-protector and -O3, which is why we 
(hardened) generally recommend -O2 rather than -O3.  Maybe the 4.0 series ssp 
will be more consistent, but we'll have to wait and see.

> Other than for debugging is there any reason not to have
> stack-smashing protection and address-space randomization?

SSP doesn't cause any particular problem for debugging.  Address-space 
randomisation does a little, but you just need to link -pie and switch off the 
PaX memory protection for the executable you want to debug.

Kev.
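Since an ebuild can silently filter -fstack-protector, the practical check is to inspect the resulting binary rather than trust CFLAGS. The script below is an added example, not code from this thread or from the hardened project: it reads the ELF header to tell a -pie executable (ET_DYN) from a fixed-address one (ET_EXEC), and uses the same heuristic checksec-style tools use, a reference to `__stack_chk_fail`, to judge whether SSP survived the build. The sample byte strings are constructed header stubs, not real binaries.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3


def elf_type(data: bytes) -> int:
    """Return the e_type field of an ELF header (2 = EXEC, 3 = DYN)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    # e_ident[EI_DATA] at offset 5: 1 = little-endian, 2 = big-endian.
    endian = "<" if data[5] == 1 else ">"
    # e_type is the 16-bit field immediately after the 16-byte e_ident.
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return e_type


def is_pie(data: bytes) -> bool:
    """An executable linked with -pie is ET_DYN; a fixed-address one is ET_EXEC.
    Caveat: shared libraries are ET_DYN too, so only apply this to executables."""
    return elf_type(data) == ET_DYN


def has_stack_protector(data: bytes) -> bool:
    """Heuristic: code built with -fstack-protector calls __stack_chk_fail on a
    canary mismatch, so the symbol name appears in the binary.  Presence means
    at least one protected function survived; a stripped static binary can hide it."""
    return b"__stack_chk_fail" in data


def hardening_report(data: bytes) -> dict:
    return {"pie": is_pie(data), "ssp": has_stack_protector(data)}


def _fake_elf(e_type: int, extra: bytes = b"") -> bytes:
    """Constructed 64-byte ELF64 little-endian header stub for offline testing."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8
    return e_ident + struct.pack("<HH", e_type, 62) + b"\0" * 44 + extra  # 62 = EM_X86_64


SAMPLE_PIE_SSP = _fake_elf(ET_DYN, b"__stack_chk_fail\0")   # constructed
SAMPLE_EXEC_PLAIN = _fake_elf(ET_EXEC)                      # constructed

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, hardening_report(f.read()))
```

Run it on the installed executable (for example `python check.py /usr/bin/firefox-bin`) to see whether the build that filtered the flag actually lost SSP.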
