mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 03:47:35 +00:00
Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions. The `-fstack-protector-strong` variant was chosen because it catches more issues than vanilla `-fstack-protector`, but doesn't have substantial performance impact like `-fstack-protector-all`. Details: -fstack-protector enables stack protection for vulnerable functions that contain: * A character array larger than 8 bytes. * An 8-bit integer array larger than 8 bytes. * A call to alloca() with either a variable size or a constant size bigger than 8 bytes. -fstack-protector-strong enables stack protection for vulnerable functions that contain: * An array of any size and type. * A call to alloca(). * A local variable that has its address taken. Example of it catching corrupting in the `stack-smash` test: ``` courage ~ $ ./user/Tests/LibC/stack-smash [+] Starting the stack smash ... Error: Stack protector failure, stack smashing detected! Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted ```
This commit is contained in:
parent
bf3772362a
commit
06da50afc7
7 changed files with 124 additions and 13 deletions
|
@ -18,6 +18,9 @@ set(SOURCES ${LOADER_SOURCES} ${AK_SOURCES} ${ELF_SOURCES} ${LIBC_SOURCES1} ${LI
|
|||
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-rtti -nostdlib -pie -fpic -DNO_TLS")
|
||||
|
||||
set_source_files_properties (../../Libraries/LibC/ssp.cpp PROPERTIES COMPILE_FLAGS
|
||||
"-fno-stack-protector")
|
||||
|
||||
add_executable(Loader.so ${SOURCES})
|
||||
target_link_options(Loader.so PRIVATE LINKER:--no-dynamic-linker)
|
||||
install(TARGETS Loader.so RUNTIME DESTINATION usr/lib/)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue