* [Buildroot] [PATCH] implement granular choice for stack protector
@ 2015-03-18 21:46 Steven Noonan
2015-12-26 23:46 ` Yann E. MORIN
0 siblings, 1 reply; 2+ messages in thread
From: Steven Noonan @ 2015-03-18 21:46 UTC (permalink / raw)
To: buildroot
This allows us to choose between the varying degrees of stack-smashing
protection. The differences are documented in the GCC online documentation[1].
The -fstack-protector-full option tends to be far too aggressive and have too
much of an impact on performance to be worth doing.
[1] https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
---
Config.in | 42 ++++++++++++++++++++++++++++++++++++++----
package/Makefile.in | 10 +++++++++-
package/gcc/Config.in.host | 4 ++++
3 files changed, 51 insertions(+), 5 deletions(-)
diff --git a/Config.in b/Config.in
index 2b39d6a..0006e37 100644
--- a/Config.in
+++ b/Config.in
@@ -506,12 +506,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
endif
-config BR2_ENABLE_SSP
+choice
bool "build code with Stack Smashing Protection"
- depends on BR2_TOOLCHAIN_HAS_SSP
+ default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
+ default BR2_SSP_REGULAR
help
- Enable stack smashing protection support using GCCs
- -fstack-protector-all option.
+ Enable stack smashing protection support using GCC's
+ -fstack-protector option family.
See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
for details.
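Review bot: removing BR2_ENABLE_SSP silently drops it from existing .config files; Buildroot's convention for a renamed or removed symbol is a Config.in.legacy entry so that someone who had `BR2_ENABLE_SSP=y` is told to pick one of the new BR2_SSP_* entries instead of losing the protector without notice. Two further points on this hunk: `default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG` turns the protector on by default wherever the toolchain supports -strong, whereas the old bool had no default and was opt-in, and that behaviour change deserves a sentence in the commit message; and the commit message refers to "-fstack-protector-full", while the option this patch wires up is -fstack-protector-all. The retained prompt `bool "build code with Stack Smashing Protection"` also still reads as a yes/no question now that it heads a four-way choice; a `prompt "Stack Smashing Protection level"` would match the entries below it.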
@@ -520,6 +521,39 @@ config BR2_ENABLE_SSP
support. This is always the case for glibc and eglibc
toolchain, but is optional in uClibc toolchains.
+config BR2_SSP_NONE
+ bool "None"
+ help
+ Disable stack-smashing protection.
+
+config BR2_SSP_REGULAR
+ bool "-fstack-protector"
+ depends on BR2_TOOLCHAIN_HAS_SSP
+ help
+ Emit extra code to check for buffer overflows, such as stack smashing
+ attacks. This is done by adding a guard variable to functions with
+ vulnerable objects. This includes functions that call alloca, and
+ functions with buffers larger than 8 bytes. The guards are initialized
+ when a function is entered and then checked when the function exits. If
+ a guard check fails, an error message is printed and the program exits.
+
+config BR2_SSP_STRONG
+ bool "-fstack-protector-strong"
+ depends on BR2_TOOLCHAIN_HAS_SSP
+ depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
+ help
+ Like -fstack-protector but includes additional functions to be protected
+ ? those that have local array definitions, or have references to local
+ frame addresses.
+
+config BR2_SSP_ALL
+ bool "-fstack-protector-all"
+ depends on BR2_TOOLCHAIN_HAS_SSP
+ help
+ Like -fstack-protector except that all functions are protected.
+
+endchoice
+
comment "enabling Stack Smashing Protection requires support in the toolchain"
depends on !BR2_TOOLCHAIN_HAS_SSP
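Review bot: the BR2_SSP_STRONG help text contains a stray `?` ("to be protected ? those that have local array definitions") where the GCC manual has a dash; it looks like a mis-encoded character from the copy-paste and will show up verbatim in menuconfig, so replace it with a plain ASCII `-` or rewrap the sentence. Also, the `comment "enabling Stack Smashing Protection requires support in the toolchain"` kept below only fires on !BR2_TOOLCHAIN_HAS_SSP; a user whose toolchain has plain SSP but not BR2_TOOLCHAIN_HAS_SSP_STRONG will see -fstack-protector-strong greyed out with no explanation, so a second comment guarded by `BR2_TOOLCHAIN_HAS_SSP && !BR2_TOOLCHAIN_HAS_SSP_STRONG` would help.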
diff --git a/package/Makefile.in b/package/Makefile.in
index 803b162..68dc329 100644
--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -163,7 +163,15 @@ TARGET_CFLAGS += -msep-data
TARGET_CXXFLAGS += -msep-data
endif
-ifeq ($(BR2_ENABLE_SSP),y)
+ifeq ($(BR2_SSP_REGULAR),y)
+TARGET_CFLAGS += -fstack-protector
+TARGET_CXXFLAGS += -fstack-protector
+endif
+ifeq ($(BR2_SSP_STRONG),y)
+TARGET_CFLAGS += -fstack-protector-strong
+TARGET_CXXFLAGS += -fstack-protector-strong
+endif
+ifeq ($(BR2_SSP_ALL),y)
TARGET_CFLAGS += -fstack-protector-all
TARGET_CXXFLAGS += -fstack-protector-all
endif
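Review bot: no flag at all is emitted for BR2_SSP_NONE, yet its help text in Config.in promises to "Disable stack-smashing protection"; a compiler configured to enable the protector by default will keep doing so. Either add an `ifeq ($(BR2_SSP_NONE),y)` block passing `-fno-stack-protector`, or reword the help to say the protector is simply not requested. On style, the three near-identical ifeq blocks could collapse into one variable set per case (e.g. `SSP_FLAG = -fstack-protector-strong`) that is appended once to both TARGET_CFLAGS and TARGET_CXXFLAGS, which keeps the C and C++ lists from drifting apart when another level is added later.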
diff --git a/package/gcc/Config.in.host b/package/gcc/Config.in.host
index 1a5281c..410bf35 100644
--- a/package/gcc/Config.in.host
+++ b/package/gcc/Config.in.host
@@ -6,6 +6,9 @@ config BR2_GCC_NEEDS_MPC
config BR2_GCC_SUPPORTS_GRAPHITE
bool
+config BR2_TOOLCHAIN_HAS_SSP_STRONG
+ bool
+
choice
prompt "GCC compiler Version"
default BR2_GCC_VERSION_4_8_ARC if BR2_arc
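Review bot: declaring BR2_TOOLCHAIN_HAS_SSP_STRONG in package/gcc/Config.in.host ties it to the internal toolchain: the only thing that selects it is a gcc version entry in this same file, so an external toolchain whose gcc supports -fstack-protector-strong can never enable BR2_SSP_STRONG. The existing BR2_TOOLCHAIN_HAS_SSP that the new entries depend on is not defined here and is also set by the external-toolchain configuration; the new symbol should be declared alongside it and given an external-toolchain path (an explicit option or a gcc-version check), otherwise "strong" is silently unavailable to half of Buildroot's users.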
@@ -77,6 +80,7 @@ choice
# PR60102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60102
select BR2_GCC_NEEDS_MPC
select BR2_GCC_SUPPORTS_GRAPHITE
+ select BR2_TOOLCHAIN_HAS_SSP_STRONG
endchoice
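Review bot: only the one gcc version entry shown here (the one carrying the PR60102 note) gains `select BR2_TOOLCHAIN_HAS_SSP_STRONG`; -fstack-protector-strong exists from GCC 4.9 onwards, so every other 4.9-or-newer entry in this choice needs the same select, or BR2_SSP_STRONG will be unavailable for those versions and the `default BR2_SSP_STRONG if ...` in Config.in will quietly fall back to plain -fstack-protector with nothing telling the user why. A one-line comment above the select naming the minimum gcc version would also help whoever adds the next version entry.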
--
2.3.3
* [Buildroot] [PATCH] implement granular choice for stack protector
2015-03-18 21:46 [Buildroot] [PATCH] implement granular choice for stack protector Steven Noonan
@ 2015-12-26 23:46 ` Yann E. MORIN
0 siblings, 0 replies; 2+ messages in thread
From: Yann E. MORIN @ 2015-12-26 23:46 UTC (permalink / raw)
To: buildroot
Steven, All,
On 2015-03-18 14:46 -0700, Steven Noonan spake thusly:
> This allows us to choose between the varying degrees of stack-smashing
> protection. The differences are documented in the GCC online documentation[1].
> The -fstack-protector-full option tends to be far too aggressive and have too
> much of an impact on performance to be worth doing.
>
> [1] https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html
> Signed-off-by: Steven Noonan <steven@uplinklabs.net>
I've sent an updated version of this patch:
https://patchwork.ozlabs.org/patch/561125/
Thanks! :-)
Regards,
Yann E. MORIN.
> ---
> Config.in | 42 ++++++++++++++++++++++++++++++++++++++----
> package/Makefile.in | 10 +++++++++-
> package/gcc/Config.in.host | 4 ++++
> 3 files changed, 51 insertions(+), 5 deletions(-)
>
> diff --git a/Config.in b/Config.in
> index 2b39d6a..0006e37 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -506,12 +506,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
>
> endif
>
> -config BR2_ENABLE_SSP
> +choice
> bool "build code with Stack Smashing Protection"
> - depends on BR2_TOOLCHAIN_HAS_SSP
> + default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
> + default BR2_SSP_REGULAR
> help
> - Enable stack smashing protection support using GCCs
> - -fstack-protector-all option.
> + Enable stack smashing protection support using GCC's
> + -fstack-protector option family.
>
> See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
> for details.
> @@ -520,6 +521,39 @@ config BR2_ENABLE_SSP
> support. This is always the case for glibc and eglibc
> toolchain, but is optional in uClibc toolchains.
>
> +config BR2_SSP_NONE
> + bool "None"
> + help
> + Disable stack-smashing protection.
> +
> +config BR2_SSP_REGULAR
> + bool "-fstack-protector"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + help
> + Emit extra code to check for buffer overflows, such as stack smashing
> + attacks. This is done by adding a guard variable to functions with
> + vulnerable objects. This includes functions that call alloca, and
> + functions with buffers larger than 8 bytes. The guards are initialized
> + when a function is entered and then checked when the function exits. If
> + a guard check fails, an error message is printed and the program exits.
> +
> +config BR2_SSP_STRONG
> + bool "-fstack-protector-strong"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
> + help
> + Like -fstack-protector but includes additional functions to be protected
> + ? those that have local array definitions, or have references to local
> + frame addresses.
> +
> +config BR2_SSP_ALL
> + bool "-fstack-protector-all"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + help
> + Like -fstack-protector except that all functions are protected.
> +
> +endchoice
> +
> comment "enabling Stack Smashing Protection requires support in the toolchain"
> depends on !BR2_TOOLCHAIN_HAS_SSP
>
> diff --git a/package/Makefile.in b/package/Makefile.in
> index 803b162..68dc329 100644
> --- a/package/Makefile.in
> +++ b/package/Makefile.in
> @@ -163,7 +163,15 @@ TARGET_CFLAGS += -msep-data
> TARGET_CXXFLAGS += -msep-data
> endif
>
> -ifeq ($(BR2_ENABLE_SSP),y)
> +ifeq ($(BR2_SSP_REGULAR),y)
> +TARGET_CFLAGS += -fstack-protector
> +TARGET_CXXFLAGS += -fstack-protector
> +endif
> +ifeq ($(BR2_SSP_STRONG),y)
> +TARGET_CFLAGS += -fstack-protector-strong
> +TARGET_CXXFLAGS += -fstack-protector-strong
> +endif
> +ifeq ($(BR2_SSP_ALL),y)
> TARGET_CFLAGS += -fstack-protector-all
> TARGET_CXXFLAGS += -fstack-protector-all
> endif
> diff --git a/package/gcc/Config.in.host b/package/gcc/Config.in.host
> index 1a5281c..410bf35 100644
> --- a/package/gcc/Config.in.host
> +++ b/package/gcc/Config.in.host
> @@ -6,6 +6,9 @@ config BR2_GCC_NEEDS_MPC
> config BR2_GCC_SUPPORTS_GRAPHITE
> bool
>
> +config BR2_TOOLCHAIN_HAS_SSP_STRONG
> + bool
> +
> choice
> prompt "GCC compiler Version"
> default BR2_GCC_VERSION_4_8_ARC if BR2_arc
> @@ -77,6 +80,7 @@ choice
> # PR60102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60102
> select BR2_GCC_NEEDS_MPC
> select BR2_GCC_SUPPORTS_GRAPHITE
> + select BR2_TOOLCHAIN_HAS_SSP_STRONG
>
> endchoice
>
> --
> 2.3.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'