From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] implement granular choice for stack protector
Date: Sun, 27 Dec 2015 00:46:35 +0100
Message-ID: <20151226234635.GE4083@free.fr>
In-Reply-To: <1426715182-25003-1-git-send-email-steven@uplinklabs.net>
Steven, All,
On 2015-03-18 14:46 -0700, Steven Noonan spake thusly:
> This allows us to choose between the varying degrees of stack-smashing
> protection. The differences are documented in the GCC online documentation[1].
> The -fstack-protector-full option tends to be far too aggressive and have too
> much of an impact on performance to be worth doing.
>
> [1] https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html
> Signed-off-by: Steven Noonan <steven@uplinklabs.net>
I've sent an updated version of this patch:
https://patchwork.ozlabs.org/patch/561125/
Thanks! :-)
Regards,
Yann E. MORIN.
> ---
> Config.in | 42 ++++++++++++++++++++++++++++++++++++++----
> package/Makefile.in | 10 +++++++++-
> package/gcc/Config.in.host | 4 ++++
> 3 files changed, 51 insertions(+), 5 deletions(-)
>
> diff --git a/Config.in b/Config.in
> index 2b39d6a..0006e37 100644
> --- a/Config.in
> +++ b/Config.in
> @@ -506,12 +506,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
>
> endif
>
> -config BR2_ENABLE_SSP
> +choice
> bool "build code with Stack Smashing Protection"
> - depends on BR2_TOOLCHAIN_HAS_SSP
> + default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
> + default BR2_SSP_REGULAR
> help
> - Enable stack smashing protection support using GCCs
> - -fstack-protector-all option.
> + Enable stack smashing protection support using GCC's
> + -fstack-protector option family.
>
> See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
> for details.
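Review bot: The new choice defaults to BR2_SSP_STRONG or BR2_SSP_REGULAR and has no `default BR2_SSP_NONE` case, so SSP becomes enabled by default on every toolchain that supports it, whereas the removed `config BR2_ENABLE_SSP` bool was off unless selected. Either make BR2_SSP_NONE the default to preserve existing behaviour, or state in the commit message that flipping the default is intentional. Dropping the BR2_ENABLE_SSP symbol also needs a Config.in.legacy entry, otherwise existing .config files with BR2_ENABLE_SSP=y silently fall back to the new default with no warning. Separately, the commit message talks about -fstack-protector-full; the option the removed help text and Makefile.in actually used is -fstack-protector-all.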
> @@ -520,6 +521,39 @@ config BR2_ENABLE_SSP
> support. This is always the case for glibc and eglibc
> toolchain, but is optional in uClibc toolchains.
>
> +config BR2_SSP_NONE
> + bool "None"
> + help
> + Disable stack-smashing protection.
> +
> +config BR2_SSP_REGULAR
> + bool "-fstack-protector"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + help
> + Emit extra code to check for buffer overflows, such as stack smashing
> + attacks. This is done by adding a guard variable to functions with
> + vulnerable objects. This includes functions that call alloca, and
> + functions with buffers larger than 8 bytes. The guards are initialized
> + when a function is entered and then checked when the function exits. If
> + a guard check fails, an error message is printed and the program exits.
> +
> +config BR2_SSP_STRONG
> + bool "-fstack-protector-strong"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
> + help
> + Like -fstack-protector but includes additional functions to be protected
> + ? those that have local array definitions, or have references to local
> + frame addresses.
> +
> +config BR2_SSP_ALL
> + bool "-fstack-protector-all"
> + depends on BR2_TOOLCHAIN_HAS_SSP
> + help
> + Like -fstack-protector except that all functions are protected.
> +
> +endchoice
> +
> comment "enabling Stack Smashing Protection requires support in the toolchain"
> depends on !BR2_TOOLCHAIN_HAS_SSP
>
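Review bot: The BR2_SSP_STRONG help text contains a stray `?` in "protected ? those that have local array definitions", a non-ASCII dash pasted from the GCC manual that did not survive; replace it with an ASCII dash or colon before this is applied. Since BR2_SSP_STRONG is hidden rather than greyed out when BR2_TOOLCHAIN_HAS_SSP_STRONG is unset, a user on an older internal GCC gets no hint why the option is missing; a `comment "-fstack-protector-strong requires GCC >= 4.9"` with `depends on BR2_TOOLCHAIN_HAS_SSP && !BR2_TOOLCHAIN_HAS_SSP_STRONG`, placed next to the existing toolchain comment at the end of this hunk, would say so, and the help text could mention the requirement too.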
> diff --git a/package/Makefile.in b/package/Makefile.in
> index 803b162..68dc329 100644
> --- a/package/Makefile.in
> +++ b/package/Makefile.in
> @@ -163,7 +163,15 @@ TARGET_CFLAGS += -msep-data
> TARGET_CXXFLAGS += -msep-data
> endif
>
> -ifeq ($(BR2_ENABLE_SSP),y)
> +ifeq ($(BR2_SSP_REGULAR),y)
> +TARGET_CFLAGS += -fstack-protector
> +TARGET_CXXFLAGS += -fstack-protector
> +endif
> +ifeq ($(BR2_SSP_STRONG),y)
> +TARGET_CFLAGS += -fstack-protector-strong
> +TARGET_CXXFLAGS += -fstack-protector-strong
> +endif
> +ifeq ($(BR2_SSP_ALL),y)
> TARGET_CFLAGS += -fstack-protector-all
> TARGET_CXXFLAGS += -fstack-protector-all
> endif
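Review bot: The three ifeq blocks each repeat the TARGET_CFLAGS and TARGET_CXXFLAGS assignments with the flag spelled twice; one variable keeps each flag in a single place, e.g. `ifeq ($(BR2_SSP_REGULAR),y)` / `TARGET_SSP_FLAG = -fstack-protector` per level, followed by a single `TARGET_CFLAGS += $(TARGET_SSP_FLAG)` and matching `TARGET_CXXFLAGS += $(TARGET_SSP_FLAG)`. Also consider an explicit `-fno-stack-protector` for the BR2_SSP_NONE case: as written, "None" simply adds nothing, so a toolchain whose own default enables the protector still produces protected code, which is not what the menu entry promises.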
> diff --git a/package/gcc/Config.in.host b/package/gcc/Config.in.host
> index 1a5281c..410bf35 100644
> --- a/package/gcc/Config.in.host
> +++ b/package/gcc/Config.in.host
> @@ -6,6 +6,9 @@ config BR2_GCC_NEEDS_MPC
> config BR2_GCC_SUPPORTS_GRAPHITE
> bool
>
> +config BR2_TOOLCHAIN_HAS_SSP_STRONG
> + bool
> +
> choice
> prompt "GCC compiler Version"
> default BR2_GCC_VERSION_4_8_ARC if BR2_arc
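Review bot: BR2_TOOLCHAIN_HAS_SSP_STRONG is declared here in package/gcc/Config.in.host and, further down this patch, selected only from this file's GCC version choice, so it can only ever be set for a toolchain that Buildroot builds from this file; BR2_SSP_STRONG in Config.in depends on it, so the strong level is unavailable with any toolchain not built here even when that GCC accepts -fstack-protector-strong. Declare the symbol alongside BR2_TOOLCHAIN_HAS_SSP so every toolchain backend can select it, and add a short comment above it stating what it asserts (GCC >= 4.9, which is where -fstack-protector-strong appeared).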
> @@ -77,6 +80,7 @@ choice
> # PR60102 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=60102
> select BR2_GCC_NEEDS_MPC
> select BR2_GCC_SUPPORTS_GRAPHITE
> + select BR2_TOOLCHAIN_HAS_SSP_STRONG
>
> endchoice
>
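Review bot: Only one version entry gains `select BR2_TOOLCHAIN_HAS_SSP_STRONG`, and the hunk context does not show which entry that is; every other entry for a GCC that supports -fstack-protector-strong (including any snapshot or later-version entry) needs the same select, or the strong level silently disappears from the menu as soon as the user picks one of those versions. A one-line comment above the select saying why this version qualifies would also help whoever adds the next GCC version.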
> --
> 2.3.3
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
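The help texts in the quoted patch describe which functions each -fstack-protector variant instruments, but once the flag lands in TARGET_CFLAGS the practical question is what a given binary actually received. The following is an added example, not part of Yann's reply or of Buildroot: a POSIX shell function that compiles a small constructed probe with one stack-protector flag and lists the functions whose code references __stack_chk_fail, the canary failure handler that only protected functions call. It assumes a host C compiler reachable as `cc` and GNU binutils `objdump` on PATH; the probe source and the function names in it are constructed for the example.

```shell
#!/bin/sh
# ssp_protected_functions FLAG
#
# Compile a constructed probe with the given stack-protector flag and print,
# sorted and space-separated, the names of the functions whose code references
# __stack_chk_fail, i.e. the functions that received a canary.
# Assumes `cc` and binutils `objdump` are on PATH.
ssp_protected_functions() {
    flag=$1
    tmp=$(mktemp -d) || return 1

    # Constructed probe: one function per heuristic class named in the help texts.
    #   no_locals : no array, no address of a local taken -> only -fstack-protector-all
    #   small_buf : 2-byte char array, below the default 8-byte ssp-buffer-size
    #               -> -fstack-protector-strong (and -all), not plain -fstack-protector
    #   big_buf   : 64-byte char array -> every level except none
    cat >"$tmp/probe.c" <<'EOF'
int sink(const char *p);
int no_locals(int x) { return x * 2; }
int small_buf(void) { char b[2]; b[0] = 0; return sink(b); }
int big_buf(void)   { char b[64]; b[0] = 0; return sink(b); }
EOF

    # -O0 so the buffers are not optimised away; -c so no libc is linked in.
    cc -O0 -c "$flag" -o "$tmp/probe.o" "$tmp/probe.c" || { rm -rf "$tmp"; return 1; }

    # Walk the disassembly: a line such as "0000000000000010 <big_buf>:" starts a
    # function; -r prints relocations, so the canary check shows up as a reference
    # to __stack_chk_fail (or __stack_chk_fail_local) inside that function.
    objdump -dr "$tmp/probe.o" \
        | awk '/^[0-9a-f]+ <[^>]+>:$/ { fn = substr($2, 2, length($2) - 3) }
               /__stack_chk_fail/ && fn != "" { print fn }' \
        | sort -u | paste -sd ' ' -

    rm -rf "$tmp"
}

# Usage: one run per level, mirroring the four entries of the Buildroot choice.
for f in -fno-stack-protector -fstack-protector -fstack-protector-strong -fstack-protector-all; do
    printf '%-26s %s\n' "$f:" "$(ssp_protected_functions "$f")"
done
```

The same awk pass works on a finished target binary (`objdump -dr` on the ELF instead of probe.o), which is the check to run over a Buildroot output/target tree if a package is suspected of ignoring TARGET_CFLAGS: a binary with no reference to __stack_chk_fail was built without any of these options regardless of what the menu says.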
Thread overview:
2015-03-18 21:46 [Buildroot] [PATCH] implement granular choice for stack protector (Steven Noonan)
2015-12-26 23:46 ` Yann E. MORIN (this message)