Add -mshstk to the C/C++ Compiler Hardening Guide? #267
Comments
|
The distinction between For our Hardened profiles in Gentoo, we pass |
|
The built-in functions are, in my opinion, only needed if you are building a shadow stack support into C standard libraries or other code which may be doing unconventional management of the stack. I would suggest we cover |
“SafeStack supports linking statically modules that are compiled with and without SafeStack. An executable compiled with SafeStack can load dynamic libraries that are not compiled with SafeStack. At the moment, compiling dynamic libraries with SafeStack is not supported.” Just to provide a more authoritative reference than a StackOverflow post. FWIW, so far as I know the problem isn't hard to fix, there simply hasn't been any interest. To fix, the |
I think we should consider adding
-mshstkto the C/C++ Compiling Hardening guide.It is recommended in Use compiler flags for stack protection in GCC and Clang, where it notes: "This form of protection splits the stack into two distinct areas, storing precious variables and user variables in non-contiguous memory areas. The goal is to make it more difficult to smash one of the stacks from the other. This process occurs in hardware (e.g., x86_64 shadow stack) or in software such as LLVM's SafeStack."
This
-mshstkflag is supported in clang and GCC. GCC 9.1.0 documents it as follows: "The -mshstk option enables shadow stack built-in functions from x86 Control-flow Enforcement Technology (CET)."I'm not recommending adding Clang's SafeStack, which it adds through this flag:
-fsanitize=safe-stack. This StackOverflow answer suggests there are problems with that with shared libraries. That may be incorrect (please let me know!), but until we're confident that problems are rare, I'm not confident in recommending it.The text was updated successfully, but these errors were encountered: