Date: Fri, 15 Dec 2006 20:36:09 +0100
From: Thomas Schwinge
To: grub-devel@gnu.org
Subject: Re: Stack protection via GCC's `-fstack-protector'
Message-ID: <20061215193609.GV19641@fencepost>
In-Reply-To: <20061108214054.GU32338@fencepost>

Hello!

On Wed, Nov 08, 2006 at 10:40:54PM +0100, I wrote:
> For some time, GCC now offers the following feature:
>
> info Gcc
> #v+
> `-fstack-protector'
>      Emit extra code to check for buffer overflows, such as stack
>      smashing attacks.  This is done by adding a guard variable to
>      functions with vulnerable objects.  This includes functions that
>      call alloca, and functions with buffers larger than 8 bytes.  The
>      guards are initialized when a function is entered and then checked
>      when the function exits.  If a guard check fails, an error message
>      is printed and the program exits.
> #v-
>
> I now happen to be running a GCC 4.1 installation which has that one
> enabled by default.  Unfortunately, building GNU Mach and GRUB2 (didn't
> check GRUB legacy) is affected by that:

To completely support this feature in kernel-like environments, work on
GCC itself is needed, see , so for the meantime I created the following
patch to be able to continue building GRUB2 on systems that have
`-fstack-protector' enabled by default.
(This patch is equal to what we've been using in GNU Mach for some time now.) 2006-12-15 Thomas Schwinge * aclocal.m4 (grub_CHECK_STACK_PROTECTOR): New definition. * configure.ac: Use it for testing the HOST and TARGET compilers. Index: aclocal.m4 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvsroot/grub/grub2/aclocal.m4,v retrieving revision 1.5 diff -u -p -r1.5 aclocal.m4 --- aclocal.m4 13 Aug 2005 18:44:14 -0000 1.5 +++ aclocal.m4 15 Dec 2006 19:18:18 -0000 @@ -343,3 +343,23 @@ dnl So use regparm 2 until a better test [Catch gcc bug]) fi ]) +=0C +dnl Check if the C compiler supports `-fstack-protector'. +dnl Written by Thomas Schwinge. +AC_DEFUN(grub_CHECK_STACK_PROTECTOR,[ +[# Smashing stack protector. +ssp_possible=3Dyes] +AC_MSG_CHECKING([whether `$CC' accepts `-fstack-protector']) +# Is this a reliable test case? +AC_LANG_CONFTEST([[void foo (void) { volatile char a[8]; a[3]; }]]) +[# `$CC -c -o ...' might not be portable. But, oh, well... Is calling +# `ac_compile' like this correct, after all? +if eval "$ac_compile -S -fstack-protector -o conftest.s" 2> /dev/null; the= n] + AC_MSG_RESULT([yes]) + [# Should we clear up other files as well, having called `AC_LANG_CONFTE= ST'? + rm -f conftest.s +else + ssp_possible=3Dno] + AC_MSG_RESULT([no]) +[fi] +]) Index: configure.ac =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvsroot/grub/grub2/configure.ac,v retrieving revision 1.35 diff -u -p -r1.35 configure.ac --- configure.ac 13 Dec 2006 22:30:19 -0000 1.35 +++ configure.ac 15 Dec 2006 19:18:18 -0000 
@@ -149,6 +149,19 @@ fi AC_CHECK_FUNCS(posix_memalign memalign) =20 # +# Compiler features. +# + +# Smashing stack protector. +grub_CHECK_STACK_PROTECTOR +[# Need that, because some distributions ship compilers that include +# `-fstack-protector' in the default specs. +if [ x"$ssp_possible" =3D xyes ]; then + CFLAGS=3D$CFLAGS\ -fno-stack-protector +fi] + + +# # Check for target programs. # =20 @@ -225,6 +238,18 @@ if test "x$target_m32" =3D x1; then TARGET_LDFLAGS=3D"$TARGET_LDFLAGS -m32" fi =20 +# +# Compiler features. +# + +# Smashing stack protector. +grub_CHECK_STACK_PROTECTOR +[# Need that, because some distributions ship compilers that include +# `-fstack-protector' in the default specs. +if [ x"$ssp_possible" =3D xyes ]; then + TARGET_CFLAGS=3D$TARGET_CFLAGS\ -fno-stack-protector +fi] + AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_CPPFLAGS) AC_SUBST(TARGET_LDFLAGS)

Regards,
 Thomas
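Review bot: In the aclocal.m4 hunk, the probe in grub_CHECK_STACK_PROTECTOR throws away the compiler's error output (`2> /dev/null`) and removes only conftest.s, and only on the success path. The source file written by AC_LANG_CONFTEST is left behind in both branches, and a failed probe leaves nothing to diagnose. The in-line questions ("Is this a reliable test case?", "Is calling `ac_compile' like this correct, after all?") should be settled before this goes in. One way to settle them is to save CFLAGS, append `-fstack-protector`, and run the same test body through AC_COMPILE_IFELSE, which takes care of logging and conftest cleanup, then restore CFLAGS.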
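Review bot: The first configure.ac hunk (at -149) appends `-fno-stack-protector` to `CFLAGS`, which the ChangeLog entry calls the HOST compiler, but the reason given in the message is that kernel-like environments cannot support the guard check yet. Unless the host `CFLAGS` are also used for code that runs without the system C library, which the hunk does not show, this removes the overflow check from host-side programs with no stated need. Please either restrict the flag to `TARGET_CFLAGS` or extend the comment above the `if` to say why host code needs it as well.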
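Review bot: In the second configure.ac hunk (at -225), the macro reports on and compiles with `$CC` / `$ac_compile`, so this call tests the target compiler only if CC has already been switched to it at this point, and it overwrites the same `ssp_possible` variable the host check set. Please confirm the ordering, or have the macro take the result variable as an argument. As a style point, the surrounding context uses `if test "x$target_m32" = x1; then` and `TARGET_LDFLAGS="$TARGET_LDFLAGS -m32"`. The new lines would be more consistent as `if test "x$ssp_possible" = xyes; then` and `TARGET_CFLAGS="$TARGET_CFLAGS -fno-stack-protector"` rather than the `[ ... ]` test and the backslash-escaped space.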