On Wednesday February 13 2008 12:27:51 pm Petr Cerny wrote: > Robert Connolly wrote: > > On Tuesday February 12 2008 11:20:57 am Petr Cerny wrote: > >> Hi, > >> > >> I'm a little bit confused by the section of important tests in 5.9. > >> (Version SVN-20080118) - should: > >> > >> $gcc -o strcat-overflow strcat-overflow.c -U_FORTIFY_SOURCE > >> > >> really produce stack-smashing-protected binary (as indicated by stated > >> output)? I'd rather expect it producing a non-protected program, which > >> is exactly what happens for my build (not by-the-book as I'm trying > >> x86-64). > > > > The -U_FORTIFY_SOURCE does not disable stack protection. If the program > > does a segmentation fault then ssp isn't on by default for you. Retry > > with -fstack-protector-all just to see if it works. I don't think you > > applied the gcc-fstack_protector patch. The ssp patch should work for > > every architecture (the fpie patch probably doesn't work for x86-64). > > Thanks for prompt answer. Meanwhile, I've made myself clear the > difference between ssp and _FORTIFY_SOURCE - which was the cause of > misunderstanfing in this case. The stack-smashing protector works for me > in 64bit binary however, I had to supply the test program much longer > string (about 25bytes) - maybe stack is differently organized or aligned > on x86-64 or some additional registers get stored between the canary and > the string?
I think it has more to do with libc than gcc, but I'm just guessing.
> As for the fpie patch: is there some (simple) way to test whether it
> works for x86-64? (It will probably require some update as there are
> some sections which modify only "32bit parts" of gcc).
readelf -ld strcat-overflow | \
grep -E 'Shared object|TEXTREL'
If it's not working, the patch should be pretty simple. Try to tell me if
gcc/config/ia64/linux.h is a file you use, instead of
gcc/config/i386/linux.h. The patch for both files will be the same. I'll add
the x86-64 difference if you can test it.
robert
pgptW0FXpsmdM.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
