Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable hardening flags where available #1501

Closed
wants to merge 1 commit into from
Closed

Enable hardening flags where available #1501

wants to merge 1 commit into from

Conversation

DemiMarie
Copy link
Contributor

We want to remove as many forms of undefined behavior as we can. This
adds flags to make integer and pointer overflows well-defined.
Furthermore, it turns on strong stack protection.

@pmatilai
Copy link
Member

Change the commit summary to "Enable compiler sanity" and I'll merge in a whim 😄

Not really joking about that BTW. But actually do explain the different options in the commit message more thoroughly. It's possible (likely even) that other compilers need similar treatment but different flags, and they shouldn't have to chase around for gcc online docs to see what magic it is that these rather obscure flags do.

Oh and feel free to add -fno-delete-null-pointer-checks while at it. I have a dim recollection of reading about kernel developers getting upset about that and must've thought they made enough noise for the gcc folks to revert that behavior. But apparently not, yikes 😬

@DemiMarie
Enable hardening flags where available
a1b3a45 
We want to remove as many forms of undefined behavior as we can.  This
adds flags to make integer and pointer overflows well-defined.
Furthermore, it turns on strong stack protection.

Specifically:

- `-fwrapv` tells GCC and Clang that signed integers should have 2’s
  complement semantics.

- `-fwrapv-pointer` tells GCC that pointer arithmetic overflow can wrap,
  and therefore that out-of-bounds pointer arithmetic is well-defined.

- `-fno-strict-overflow` is the same as both of the above flags on GCC,
  and `-fwrapv` on clang.  I included it for completeness.

- `-fno-strict-aliasing` turns off the strict-aliasing rule.

- `-fstack-protector-all` turns on stack canaries for all functions.

- `-fno-delete-null-pointer-checks` makes dereferencing NULL
  well-defined on GCC.

- `-fstack-check` checks for stack overflows.

- `-fstack-clash-protection` prevents stack-clash attacks

- `-fcf-protection=full` enables control-flow integrity where available

- `-D_FORTIFY_SOURCE=2` and `-D_GLIBCXX_ASSERTIONS` enable hardening
  features in the C and C++ libraries, respectively.
@pmatilai
Copy link
Member

I asked you to add one specific flag, not everything in gcc manual. Also like said, I was not joking about the compiler sanity part - hardening flags are a job for distros to choose (that -fstack-protector should rather be removed than more of that kind added), but fundamental compiler behavior is an upstream matter.

@pmatilai
Copy link
Member

I'll handle this separately. Thanks for the suggestion though.

@pmatilai pmatilai closed this Mar 18, 2021
@pmatilai pmatilai mentioned this pull request Mar 18, 2021
Merged
@DemiMarie DemiMarie deleted the enable-hardening-flags branch March 18, 2021 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@DemiMarie @pmatilai