10-28-2009, 10:50 PM
Christoph Anton Mitterer

Switch on compiler hardening defaults

On Tue, 2009-10-27 at 22:19 -0200, Henrique de Moraes Holschuh wrote:
> Well, the issue raised in LKML is that you absolutely should *not* enable
> -fstack-protector-all unless you _really_ know what you're doing, and most
> certainly not by default. It has nothing to do with -fstack-protector, just
> with -fstack-protector-all. But it does show that extra stack usage CAN
> have bad effects on performance in pathological cases (which -all seems
> to cause more readily :-p ).
Isn't this what they've done starting with the 2.6.31 debian packages?
CONFIG_CC_STACKPROTECTOR_ALL=y
CONFIG_CC_STACKPROTECTOR=y

Should we bugreport this against src:linux2.6 ?

Cheers,
Chris.


--
To UNSUBSCRIBE, email to debian-gcc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
10-29-2009, 09:55 PM
Henrique de Moraes Holschuh

Switch on compiler hardening defaults

On Thu, 29 Oct 2009, Christoph Anton Mitterer wrote:
> On Tue, 2009-10-27 at 22:19 -0200, Henrique de Moraes Holschuh wrote:
> > Well, the issue raised in LKML is that you absolutely should *not* enable
> > -fstack-protector-all unless you _really_ know what you're doing, and most
> > certainly not by default. It has nothing to do with -fstack-protector, just
> > with -fstack-protector-all. But it does show that extra stack usage CAN
> > have bad effects on performance in pathological cases (which -all seems
> > to cause more readily :-p ).
> Isn't this what they've done starting with the 2.6.31 debian packages?
> CONFIG_CC_STACKPROTECTOR_ALL=y
> CONFIG_CC_STACKPROTECTOR=y
>
> Should we bugreport this against src:linux2.6 ?

I think so.

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-gcc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
10-29-2009, 11:01 PM
Henrique de Moraes Holschuh

Switch on compiler hardening defaults

On Tue, 27 Oct 2009, Kees Cook wrote:
> On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > > uses[2].
> >
> > How do they work? Do they also change the free-standing compiler or only
> > the hosted one? There is a lot of software, which (I would say) misuse
> > the hosted compiler to build non-userspace-code, including the Linux
> > kernel.
>
> The stack protector is conditional on being linked with libc, so, if you
> build with -nostdlib (as the kernel does), it is implicitly disabled.

This doesn't make sense. The kernel can, and does use stack protector
functionality for its build if you ask it to. Do you mean the defaults are
changed only when -nostdlib is NOT given?

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-gcc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
10-30-2009, 12:03 AM
Kees Cook

Switch on compiler hardening defaults

On Thu, Oct 29, 2009 at 10:01:08PM -0200, Henrique de Moraes Holschuh wrote:
> On Tue, 27 Oct 2009, Kees Cook wrote:
> > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > > > uses[2].
> > >
> > > How do they work? Do they also change the free-standing compiler or only
> > > the hosted one? There is a lot of software, which (I would say) misuse
> > > the hosted compiler to build non-userspace-code, including the Linux
> > > kernel.
> >
> > The stack protector is conditional on being linked with libc, so, if you
> > build with -nostdlib (as the kernel does), it is implicitly disabled.
>
> This doesn't make sense. The kernel can, and does use stack protector
> functionality for its build if you ask it to. Do you mean the defaults are
> changed only when -nostdlib is NOT given?

Yes, I was a bit unclear, sorry. The -fstack-protector option is not
added to the option list when either -fno-stack-protector or -nostdlib
are already in the option list. The GCC spec[1] for this is:

%{!fno-stack-protector:%{!nostdlib:-fstack-protector}}

If you add -fstack-protector to a build (regardless of -nostdlib), gcc
will attempt to use the stack protector. This is how the kernel builds
when the CC_STACKPROTECTOR option is enabled.

And I can prove this works. The Ubuntu kernel uses both the hardened
compiler and the CC_STACKPROTECTOR option, and you can see the results on
an Ubuntu system:
$ readelf -s /lib/modules/$(uname -r)/kernel/fs/nfs/nfs.ko | grep stack_chk
1114: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __stack_chk_fail

-Kees

[1] http://patch-tracker.debian.org/patch/series/view/gcc-4.4/4.4.2-1/gcc-default-ssp.diff

--
Kees Cook @debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
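As an added illustration (not part of the thread, and not code from the Debian/Ubuntu gcc-default-ssp patch), the script below models the spec conditional Kees quotes, `%{!fno-stack-protector:%{!nostdlib:-fstack-protector}}`, and then confirms the result on a compiled object the same way his readelf command does. Everything except the spec string and the readelf check is constructed for this example: the function names (ssp_default_flag, effective_cflags, ssp_enabled, object_has_ssp), the sample gcc command lines, and the tiny C source with a 64-byte stack buffer. The object check is skipped when gcc or readelf is not installed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the gcc-default-ssp patch.
# Models the spec conditional
#   %{!fno-stack-protector:%{!nostdlib:-fstack-protector}}
# i.e. "append -fstack-protector unless the command line already contains
# -fno-stack-protector or -nostdlib", then checks a real object file the way
# the readelf command in the thread does. Names and the C source are constructed.

# What the spec appends for a given gcc command line: the flag, or nothing.
ssp_default_flag() {
    for arg in "$@"; do
        case "$arg" in
            -fno-stack-protector|-nostdlib) return 0 ;;   # suppressed: print nothing
        esac
    done
    printf '%s\n' -fstack-protector
}

# The option list gcc actually acts on: the user's flags plus the spec default.
effective_cflags() {
    printf '%s %s\n' "$*" "$(ssp_default_flag "$@")"
}

# Decide whether the stack protector ends up active. gcc applies -f options
# left to right and the last one wins, so an explicit -fstack-protector survives
# -nostdlib (the kernel's CC_STACKPROTECTOR case) and a trailing
# -fno-stack-protector turns it off again.
ssp_enabled() {
    state=off
    for arg in $(effective_cflags "$@"); do
        case "$arg" in
            -fstack-protector|-fstack-protector-all) state=on ;;
            -fno-stack-protector) state=off ;;
        esac
    done
    [ "$state" = on ]
}

# Empirical check on a compiled object: a function with a 64-byte stack buffer
# references __stack_chk_fail only when it was instrumented. Prints yes or no;
# skip when gcc or readelf is missing, error if the compile fails.
object_has_ssp() {
    if ! command -v gcc >/dev/null 2>&1 || ! command -v readelf >/dev/null 2>&1; then
        echo skip; return 0
    fi
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/t.c" <<'EOF'
/* constructed test input: a char array large enough to be protected */
void f(const char *s) {
    char buf[64]; unsigned i = 0;
    while (s[i] && i < 63) { buf[i] = s[i]; i++; }
    buf[i] = 0;
}
EOF
    if ! gcc -c -O0 "$@" -o "$tmp/t.o" "$tmp/t.c" 2>/dev/null; then
        rm -rf "$tmp"; echo error; return 1
    fi
    if readelf -s "$tmp/t.o" | grep -q __stack_chk_fail; then echo yes; else echo no; fi
    rm -rf "$tmp"
}

# Demonstration over constructed command lines.
for cmdline in "-O2" "-O2 -nostdlib" "-O2 -nostdlib -fstack-protector" "-fno-stack-protector"; do
    # shellcheck disable=SC2086  # word splitting of the flag string is intended
    if ssp_enabled $cmdline; then r=enabled; else r=disabled; fi
    printf '%-40s -> %s\n' "gcc $cmdline" "$r"
done
printf 'object, default flags:        %s\n' "$(object_has_ssp)"
printf 'object, -fstack-protector:    %s\n' "$(object_has_ssp -fstack-protector)"
printf 'object, -fno-stack-protector: %s\n' "$(object_has_ssp -fno-stack-protector)"
```

The first line of the demonstration output is the only one whose answer depends on the compiler: with the patched spec, a plain `gcc -O2` gets `-fstack-protector`; without it, nothing is appended and the object check comes back `no`. The other cases follow from the spec and from gcc's last-flag-wins handling of `-f` options, which is why the kernel's own `-fstack-protector` still takes effect under `-nostdlib`.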
 
10-30-2009, 12:08 PM
Henrique de Moraes Holschuh

Switch on compiler hardening defaults

On Thu, 29 Oct 2009, Kees Cook wrote:
> On Thu, Oct 29, 2009 at 10:01:08PM -0200, Henrique de Moraes Holschuh wrote:
> > On Tue, 27 Oct 2009, Kees Cook wrote:
> > > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > > > > uses[2].
> > > >
> > > > How do they work? Do they also change the free-standing compiler or only
> > > > the hosted one? There is a lot of software, which (I would say) misuse
> > > > the hosted compiler to build non-userspace-code, including the Linux
> > > > kernel.
> > >
> > > The stack protector is conditional on being linked with libc, so, if you
> > > build with -nostdlib (as the kernel does), it is implicitly disabled.
> >
> > This doesn't make sense. The kernel can, and does use stack protector
> > functionality for its build if you ask it to. Do you mean the defaults are
> > changed only when -nostdlib is NOT given?
>
> Yes, I was a bit unclear, sorry. The -fstack-protector option is not
> added to the option list when either -fno-stack-protector or -nostdlib
> are already in the option list. The GCC spec[1] for this is:

That, and the fact that -fstack-protector-all is NOT used, removes all
objections I might have: it means the kernel build won't be affected, and it
preserves the decisions made by the kernel upstream about which files should
get -fstack-protector and which files shouldn't.

Thanks!

--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh


--
To UNSUBSCRIBE, email to debian-gcc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 