[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Stack protection via GCC's `-fstack-protector'

From: Thomas Schwinge
Subject: Stack protection via GCC's `-fstack-protector'
Date: Wed, 8 Nov 2006 22:40:54 +0100
User-agent: Mutt/1.5.6+20040907i

[Please keep both <bug-hurd@gnu.org> and <grub-devel@gnu.org> in the
recipients list.]


For some time, GCC now offers the following feature:

info Gcc
     Emit extra code to check for buffer overflows, such as stack
     smashing attacks.  This is done by adding a guard variable to
     functions with vulnerable objects.  This includes functions that
     call alloca, and functions with buffers larger than 8 bytes.  The
     guards are initialized when a function is entered and then checked
     when the function exits.  If a guard check fails, an error message
     is printed and the program exits.

I now happen to be running a GCC 4.1 installation which has that one
enabled by default.  Unfortunately, building GNU Mach and GRUB2 (didn't
check GRUB legacy) is affected by that:

gcc -o kernel.exec kernel_img-kern_i386_pc_startup.o kernel_img-kern_main.o 
kernel_img-kern_device.o kernel_img-kern_disk.o kernel_img-kern_dl.o 
kernel_img-kern_file.o kernel_img-kern_fs.o kernel_img-kern_err.o 
kernel_img-kern_misc.o kernel_img-kern_mm.o kernel_img-kern_loader.o 
kernel_img-kern_rescue.o kernel_img-kern_term.o kernel_img-kern_i386_dl.o 
kernel_img-kern_i386_pc_init.o kernel_img-kern_parser.o 
kernel_img-kern_partition.o kernel_img-kern_env.o 
kernel_img-disk_i386_pc_biosdisk.o kernel_img-term_i386_pc_console.o 
kernel_img-symlist.o  -nostdlib -Wl,-N,-Ttext,8200 -fno-builtin -mrtd 
-mregparm=3 -m32
kernel_img-kern_device.o: In function `grub_device_iterate':
../kern/device.c:142: undefined reference to `__stack_chk_fail'
kernel_img-kern_disk.o: In function `grub_disk_write':
../kern/disk.c:553: undefined reference to `__stack_chk_fail'
kernel_img-kern_misc.o: In function `grub_vsprintf':
../kern/misc.c:897: undefined reference to `__stack_chk_fail'
kernel_img-kern_rescue.o: In function `grub_rescue_cmd_cat':
../kern/rescue.c:169: undefined reference to `__stack_chk_fail'
kernel_img-kern_i386_pc_init.o: In function `grub_machine_set_prefix':
../kern/i386/pc/init.c:239: undefined reference to `__stack_chk_fail'
kernel_img-kern_parser.o:../kern/parser.c:230: more undefined references to 
`__stack_chk_fail' follow
collect2: ld returned 1 exit status
make: *** [kernel.exec] Error 1

GNU Mach
ld -u _start -r -o gnumach.o --start-group  libkernel.a liblinux.a 
liblinux_pcmcia_cs_modules.a liblinux_pcmcia_cs_clients.a 
nm -u gnumach.o | sed 's/  *U  *//;s/^_*//' | sort -u > gnumach-undef
sed '/^memcpy$/d; /^memmove$/d; /^memset$/d; /^bcopy$/d; /^bzero$/d; 
/^strchr$/d; /^strstr$/d; /^strsep$/d; /^strpbrk$/d; /^strtok$/d; /^htonl$/d; 
/^htons$/d; /^ntohl$/d; /^ntohs$/d; /^etext$/d; /^edata$/d; /^end$/d;' 
gnumach-undef > gnumach-undef-bad
if test -s gnumach-undef-bad; \
        then cat gnumach-undef-bad; exit 2; else true; fi
make[2]: *** [clib-routines.o] Error 2
make[2]: Leaving directory 
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory 
make: *** [all] Error 2

Is it feasible to have the `-fstack-protector' functionality in GNU Mach
and GRUB2 (and how to do that, then) or shall we unconditionally pass
`-fno-stack-protector' if available?


Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]