On 12.05.2010 at 09:15, Allan McRae wrote:
On 12/05/10 16:49, Jan de Groot wrote:
On Wed, 2010-05-12 at 12:35 +1000, Allan McRae wrote:
Hi,
We have a bug report asking to enable stack-smashing protection in our package building. Looking at the overhead estimates by other distros that use it, overall it appears fairly minimal (OpenBSD says 1.3% on average). There used to be some build issues (see bottom of this page for Ubuntu report: https://wiki.ubuntu.com/GccSsp), but I am not sure of the current status. Also, it can be disabled with -fno-stack-protector if needed.
I am in favour of doing this. I think adding -fstack-protector is enough as that adds protection to only functions "vulnerable" to buffer overflows (as defined by gcc... mainly character arrays) while -fstack-protector-all adds it to all functions.
We should maybe also add -D_FORTIFY_SOURCE=2. This detects some buffer overflows at compile time and others at run time. It was designed to have minimal runtime overhead.
Any opinions?
Given the fact that GCC 4.5 produces broken binaries with software that needs -fno-strict-aliasing (busybox comes to mind, but also others), I don't think it's good to introduce such a change now. Our toolchain should get fixed before we attempt to add more features to our compiler flags.
There is a fix on the gcc bug tracker but I am waiting for it to be backported to gcc-4.5. If it has not been done by the next toolchain rebuild (I expect in the next week), I will backport it myself.
Yeah, but there's even more breakage in busybox as you might have noticed, unrelated to that fix.