This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

--enable-stack-protector for glibc.

From: Nix <nix at esperi dot org dot uk>
To: libc-alpha at sourceware dot org
Cc: carlos at redhat dot com
Date: Sat, 20 Feb 2016 10:23:34 +0000
Subject: --enable-stack-protector for glibc.
Authentication-results: sourceware.org; auth=none

So this is the provisional "stack-protect glibc" patch, a version of which has
been running for many, many years on my (x86-32 Geode) firewall.  No changelog
yet, but I'll write one soonish.  (When I do, it'll cite glibc bug 7065.  Bug
7066, a buffer overrun in strtold(), was uncovered during the initial
development of this patch, many years ago.)

It's against glibc head as of a few days ago, a5df3210a641c17.

I've gone through it and dropped things that don't seem to have any
justification nor affect testsuite results.  Some of the things thus dropped may
in fact be important for proper functioning of things like error messages from
statically linked programs when running against a kernel too old for the glibc:
I haven't retested that case, but it is plausible.  (I'll test that case at some
point in the next few days, but after many dozens of 64- and 32-bit x86 glibc
build-and-tests with every combination of
--enable-stack-protector={no,yes,all,strong} / --enable-omitfp /
--enable-stackguard-randomization I had frankly had enough of that for now!)

The testsuite passes with every combination of those flags (other than various
combinations with --enable-stack-protector=no, that seemed pointless to test):
no failures are observed with it that are not also observed on an unpatched
glibc with the same flag combinations.  However, until last night two things
were failing: I figured out how to stop them, but I don't understand why this
patch works and why, if it works, many others aren't needed (see the last patch
in the series).


I have not even considered investigating the performance of this.  Suffice to
say that with everything *but* glibc stack-protected on many distros, and with
perforamnce appearing quite acceptable to me on a 32-bit 500MHz embedded
processor, the performance implications of this patch do not appear to be
catastrophic. It's probably the same as the stack-protector always is: a few
percent.

The patches themselves have my work address on them because I just spent
a couple of work days on them.

Follow-Ups:
- [PATCH 04/12] Allow overriding of CFLAGS as well as CPPFLAGS for rtld.
  - From: Nix
- [PATCH 03/12] Initialize the stack guard earlier when linking statically.
  - From: Nix
- [PATCH 01/12] Configury support for --enable-stack-protector.
  - From: Nix
- [PATCH 05/12] Mark all machinery needed in early static-link init as -fno-stack-protector.
  - From: Nix
- [PATCH 07/12] Link libc.so with libc_nonshared.a to pull in __stack_chk_fail.
  - From: Nix
- [PATCH 09/12] Enable -fstack-protector=* when requested by configure.
  - From: Nix
- [PATCH 08/12] Link various tests with -fno-stack-protector.
  - From: Nix
- [PATCH 11/12] Drop explicit stack-protection of pieces of the system.
  - From: Nix
- [PATCH 06/12] Compile the entire dynamic linker with -fno-stack-protector.
  - From: Nix
- [PATCH 12/12] Avoid stack-protecting certain functions called from assembly.
  - From: Nix
- [PATCH 10/12] Work even with compilers hacked to enable -fstack-protector by default.
  - From: Nix
- [PATCH 02/12] Make __stack_chk_fail() not use other glibc facilities.
  - From: Nix

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]