On 04/14/2013 03:34 AM, Steve Grubb wrote:
-fstack-protector-all really is all. The default in Fedora is 4 bytes which
would cover cases where ints and char[] are interposed as in some networking
code. But more importantly, the default stack-protector only kicks in when the
object is a char array. If it's an int array or something exotic like an array
within a struct, it does not kick in. That is what the -fstack-protector-strong
patch provides. It's been floating around the internet and is the default
for chrome OS. All the testing I've done shows it catches all stack overflows
of all kinds. We really need it integrated with Fedora's gcc.
The basic patch has been committed upstream:
<http://gcc.gnu.org/viewcvs/gcc?view=revision&revision=198699>
It's still incomplete, though, particularly for C++. Slots for structs
returned from functions can be allocated in the caller and are
addressable in the callee (as a consequence of the named return value
optimization). This means that the calling function should be
instrumented with a canary. Han Shen is going to work on a follow-up
patch which addresses this gap. Once that additional patch is in, we
should consider backporting both patches.
--
Florian Weimer / Red Hat Product Security Team
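A way to check the behaviour the thread describes on your own toolchain, added here as an example and not part of the original exchange: compile one probe file under each stack-protector setting and list the functions whose assembly references __stack_chk_fail (i.e. received a canary). It assumes a GNU-style gcc on an ELF target (function labels like `name:` at column 0, local labels starting with `.`); the probe program and the `sink` helper are constructed for this example, and the results depend on the gcc version and distribution defaults.

```shell
#!/bin/sh
# Added example (not from the thread): report which functions get a stack
# canary under several -fstack-protector settings.
# Assumption: gcc emits "name:" labels at column 0 and uses ".L" local labels.

# protected_functions ASM_FILE: print, sorted, the functions whose body
# references __stack_chk_fail (the canary-check failure path).
protected_functions() {
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*:/ { fn = substr($1, 1, length($1) - 1) }
        /__stack_chk_fail/ && fn != "" { seen[fn] = 1 }
        END { for (f in seen) print f }
    ' "$1" | sort
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT

# Constructed probe: one local of each kind the thread talks about.
cat > "$work/probe.c" <<'EOF'
#include <string.h>
void sink(void *p);   /* external, so the locals are not optimised away */
void char_array(void)   { char b[16];                      memset(b, 0, sizeof b); sink(b); }
void small_char(void)   { char b[3];                       memset(b, 0, sizeof b); sink(b); }
void int_array(void)    { int  b[16];                      memset(b, 0, sizeof b); sink(b); }
void struct_array(void) { struct { int n; int b[16]; } s; memset(&s, 0, sizeof s); sink(&s); }
void no_array(void)     { int x = 0;                       sink(&x); }
EOF

if command -v gcc >/dev/null 2>&1; then
    for flags in "-fno-stack-protector" \
                 "-fstack-protector --param ssp-buffer-size=4" \
                 "-fstack-protector-strong" \
                 "-fstack-protector-all"; do
        # $flags is intentionally word-split into separate arguments
        if gcc -O0 -S $flags -o "$work/probe.s" "$work/probe.c" 2>/dev/null; then
            printf '%s:\n' "$flags"
            protected_functions "$work/probe.s" | sed 's/^/  /'
        else
            printf '%s: not supported by this gcc\n' "$flags"
        fi
    done
else
    echo "gcc not found; protected_functions still works on any existing .s file"
fi
```

On a Fedora-style default (`-fstack-protector --param ssp-buffer-size=4`) only `char_array` is expected to appear, `-fstack-protector-strong` should add the int and struct cases, and `-fstack-protector-all` should list every function; distributions that inject their own hardening flags may shift these results.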