
Re: AC_*/AM_* macros for options

From: Jeffrey Walton
Subject: Re: AC_*/AM_* macros for options
Date: Tue, 29 Oct 2013 16:10:08 -0400

On Tue, Oct 29, 2013 at 3:09 PM, David A. Wheeler <address@hidden> wrote:
> On 10/28/2013 05:05 PM, Jeffrey Walton wrote:
>> > What are the canned macros to specify ASLR (-fPIE/-pie for a program;
>> > -fPIC/-shared for shared objects), Fortified Sources
>> > (-DFORTIFY_SOURCE), Stack Protector (-fstack-protector-all and --param
>> > ssp-buffer-size), NX Stack (-Wl,-z,noexecstack), NX Heap
>> > (-Wl,-z,noexecheap), GOT hardening (-Wl,-z,relro), PLT hardening
>> > (-Wl,-z,now)?
>> >
>> > Related: are there canned macros for warning such as -Wall, -Wextra,
>> > and -Wconversion?
> Eric Blake replied:
>> Autoconf itself does not provide any canned macro for these
>> (gcc-specific) flags; but you may be interested in gnulib's manywarnings 
>> module.
> I'd like to see autoconf portably *enable* compiler warnings by default (at
> least -Wall), for at least gcc and llvm.  The compiler-probing mechanism could
> determine that for common cases.  The earlier people see warnings, the more
> likely they are to address them, and that would eliminate some security
> problems.
-Wconversion should be included. That's because -1 > 1 after promotion:

    #include <stdio.h>
    int main(void)
    {
        signed int i = -1;
        unsigned int j = 1;
        /* i is converted to unsigned int before the comparison */
        if (i > j)
            printf("-1 > 1 !!!\n");
        return 0;
    }

I understand it's going to be a pain point for those who don't pay
attention to details.

> Ideally hardening options should be enabled by default
> (at least -fPIE or -fpie so ASLR works, and probably others too), but I
> understand why that's not automatic.  But if it's not enabled by default,
> autoconf should come with a macro to detect and enable hardening options
> for common compilers/linkers.  If it's easy to turn on, more people will do
> it.  That way, programs would be harder to attack.

Items like FORTIFY_SOURCES, NX Stacks and Heaps, -z,relro, and -z,now
beg for autotools. I'd love to see autotools do more of the right
thing more often.

FORTIFY_SOURCES=2 applies to most GNU/Linux desktops/servers under
GCC; but FORTIFY_SOURCES=1 applies to Android 4.x and above. That's
the sort of thing autotools is supposed to handle.

NX Stacks are available on most GNU/Linux desktops/servers under GCC,
but NX Heaps are available on Gentoo and other PaX enabled kernels. It
also begs for autotools.

Trampolines built on the stack destroy NX Stacks under GCC (the
GNU_STACK section is silently dropped), so -Wtrampolines should be
included when NX Stacks are enabled.

iOS is somewhat of a bastard child, but that's the sort of thing
autotools is supposed to handle.

Android and iOS should include -Wcast-align, too. We still see bricks
due to programmer mistakes and there's no reason they should not be
warned. Here's one for QT from last week:

-fwrapv and -fno-strict-overflow are used for broken programs, so
anytime they are present -Wstrict-overflow should be enabled.

Clang, clang++, ICC, and ICPC usually honor most GCC and LD options
(and they even define __GNUC__ to 4), so most of the items would apply
to those compilers too.

For those who want to shoot themselves in the foot, give them the
--no-XXX option.
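The closest thing to the "canned macros" asked for at the top of the thread are the Autoconf Archive's AX_CHECK_COMPILE_FLAG and AX_CHECK_LINK_FLAG, which probe a single flag and run an action on success or failure. The configure.ac fragment below is an added example written for this page, not code from the thread, from Autoconf or from the Archive; it wires those two macros into a probe for the flags discussed above, with the --disable-hardening opt-out the message ends on. The helper macro names EX_HARDEN_CFLAG/EX_HARDEN_LDFLAG and the output variables HARDEN_CFLAGS/HARDEN_LDFLAGS are this example's own choices, and it assumes the Archive macros are available under m4/ (aclocal -I m4).

```m4
dnl configure.ac (added example; not from the thread, Autoconf or the Archive).
dnl Assumes AX_CHECK_COMPILE_FLAG / AX_CHECK_LINK_FLAG from the Autoconf
dnl Archive are reachable via m4/.  EX_HARDEN_* and HARDEN_* are names chosen
dnl for this example only.
AC_INIT([example], [0.1])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([foreign])
AC_PROG_CC

dnl The "--no-XXX" escape hatch from the thread, in Autoconf's spelling.
AC_ARG_ENABLE([hardening],
  [AS_HELP_STRING([--disable-hardening],
     [do not probe for or enable compiler/linker hardening flags])],
  [], [enable_hardening=yes])

dnl Probe with -Werror: clang and icc accept unknown -W (and several -f)
dnl options with a warning and exit status 0, so without -Werror the probe
dnl answers "yes" for flags the compiler does not implement.  -O2 is added
dnl because glibc's headers emit a #warning when _FORTIFY_SOURCE is defined
dnl without optimisation, which -Werror would otherwise turn into a false "no".
AC_DEFUN([EX_HARDEN_CFLAG],
  [AX_CHECK_COMPILE_FLAG([$1], [HARDEN_CFLAGS="$HARDEN_CFLAGS $1"], [],
                         [-Werror -O2])])
AC_DEFUN([EX_HARDEN_LDFLAG],
  [AX_CHECK_LINK_FLAG([$1], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1"], [],
                      [-Werror])])

HARDEN_CFLAGS=
HARDEN_LDFLAGS=
AS_IF([test "x$enable_hardening" = xyes], [
  dnl Stack protector.
  EX_HARDEN_CFLAG([-fstack-protector-all])

  dnl Fortified sources: try level 2, fall back to level 1 (the thread notes
  dnl Android 4.x supports only level 1).  -U first so a distribution compiler
  dnl that predefines the macro does not warn about a redefinition.  This is
  dnl a compile-time probe only; it cannot tell what the C library honours.
  AX_CHECK_COMPILE_FLAG([-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2],
    [HARDEN_CFLAGS="$HARDEN_CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"],
    [EX_HARDEN_CFLAG([-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=1])],
    [-Werror -O2])

  dnl Warnings argued for in the thread.  -Wtrampolines is gcc-only, so the
  dnl probe simply answers "no" on clang and the flag is left out.
  EX_HARDEN_CFLAG([-Wall])
  EX_HARDEN_CFLAG([-Wextra])
  EX_HARDEN_CFLAG([-Wconversion])
  EX_HARDEN_CFLAG([-Wcast-align])
  EX_HARDEN_CFLAG([-Wtrampolines])
  EX_HARDEN_CFLAG([-Wformat -Wformat-security])

  dnl ASLR for executables: -fPIE at compile time, -pie at link time.  The
  dnl link probe also compiles its test program with -fPIE so a non-PIE
  dnl object is never handed to a -pie link.  Shared objects still need
  dnl -fPIC, which libtool adds on its own.
  EX_HARDEN_CFLAG([-fPIE])
  AX_CHECK_LINK_FLAG([-pie], [HARDEN_LDFLAGS="$HARDEN_LDFLAGS -pie"], [],
                     [-Werror -fPIE])

  dnl Non-executable stack; GOT/PLT hardening (RELRO + BIND_NOW).
  EX_HARDEN_LDFLAG([-Wl,-z,noexecstack])
  EX_HARDEN_LDFLAG([-Wl,-z,relro])
  EX_HARDEN_LDFLAG([-Wl,-z,now])

  dnl -z,noexecheap only exists on PaX toolchains.  Caveat: GNU ld merely
  dnl warns that an unknown -z keyword is ignored and exits 0, and -Werror is
  dnl a compiler option the linker never sees, so this probe can report "yes"
  dnl on a plain toolchain.  Verify the built binary with "readelf -lW" and
  dnl "readelf -dW" rather than trusting the probe.
  EX_HARDEN_LDFLAG([-Wl,-z,noexecheap])
])
AC_SUBST([HARDEN_CFLAGS])
AC_SUBST([HARDEN_LDFLAGS])

AC_CONFIG_FILES([Makefile])
AC_OUTPUT
```

In Makefile.am the results are consumed as `AM_CFLAGS = $(HARDEN_CFLAGS)` and `AM_LDFLAGS = $(HARDEN_LDFLAGS)`; users who want to shoot themselves in the foot run `./configure --disable-hardening`. Because each flag is probed rather than assumed, the same fragment works for gcc, clang and icc: a flag a given compiler rejects is silently left out instead of breaking the build. After building, `readelf -lW prog` should show a GNU_STACK header without the E flag and a GNU_RELRO header, and `readelf -dW prog` should list BIND_NOW; those checks are the only reliable answer for the link-time flags, for the reason given in the last comment of the block.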
