mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 19:07:36 +00:00
Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions.
The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.
Details:
-fstack-protector enables stack protection for vulnerable functions that contain:
* A character array larger than 8 bytes.
* An 8-bit integer array larger than 8 bytes.
* A call to alloca() with either a variable size or a constant size bigger than 8 bytes.
-fstack-protector-strong enables stack protection for vulnerable functions that contain:
* An array of any size and type.
* A call to alloca().
* A local variable that has its address taken.
Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
This commit is contained in:
Brian Gianforcaro
Andreas Kling
parent
bf3772362a
commit
06da50afc7
7 changed files with 124 additions and 13 deletions
|
|
@ -43,5 +43,6 @@ int __cxa_atexit(AtExitFunction exit_function, void* parameter, void* dso_handle
|
|||
void __cxa_finalize(void* dso_handle);
|
||||
[[noreturn]] void __cxa_pure_virtual() __attribute__((weak));
|
||||
[[noreturn]] void __stack_chk_fail();
|
||||
[[noreturn]] void __stack_chk_fail_local();
|
||||
|
||||
__END_DECLS
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue