
toolchain: granular choice for stack protector

Currently, we only support two levels of stack-smashing protection:
  - entirely disabled,
  - protect _all_ functions with -fstack-protector-all.

-fstack-protector-all tends to be far too aggressive and impacts
performance too much to be worth on a real product.

Add a choice that allows us to select between different levels of
stack-smashing protection:
  - none
  - basic   (NEW)
  - strong  (NEW)
  - all

The differences are documented in the GCC online documentation:
    https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/Optimize-Options.html

Signed-off-by: Steven Noonan <steven@uplinklabs.net>
[yann.morin.1998@free.fr:
  - rebase
  - add legacy handling
  - SSP-strong depends on gcc >= 4.9
  - slightly simple ifeq-block in package/Makefile.in
  - keep the comment in the choice; add a comment shen strong is not
    available
  - drop the defaults (only keep the legacy)
  - update commit log
]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
 - only show the choice if the toolchain has SSP support
 - add details for the BR2_SSP_ALL option that it has a significant
   performance impact.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Steven Noonan 9 years ago
parent
commit
d29c7196bf
3 changed files with 56 additions and 5 deletions
  1. 41 4
      Config.in
  2. 8 0
      Config.in.legacy
  3. 7 1
      package/Makefile.in

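--- a/Config.in
+++ b/Config.in
@@ -522,12 +522,13 @@ config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
 
 endif
 
-config BR2_ENABLE_SSP
+choice
 	bool "build code with Stack Smashing Protection"
+	default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
 	depends on BR2_TOOLCHAIN_HAS_SSP
 	help
-	  Enable stack smashing protection support using GCCs
-	  -fstack-protector-all option.
+	  Enable stack smashing protection support using GCC's
+	  -fstack-protector option family.
 
 	  See http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
 	  for details.
@@ -536,7 +537,43 @@ config BR2_ENABLE_SSP
 	  support. This is always the case for glibc and eglibc
 	  toolchain, but is optional in uClibc toolchains.
 
-comment "enabling Stack Smashing Protection requires support in the toolchain"
+config BR2_SSP_NONE
+	bool "None"
+	help
+	  Disable stack-smashing protection.
+
+config BR2_SSP_REGULAR
+	bool "-fstack-protector"
+	help
+	  Emit extra code to check for buffer overflows, such as stack
+	  smashing attacks. This is done by adding a guard variable to
+	  functions with vulnerable objects. This includes functions
+	  that call alloca, and functions with buffers larger than 8
+	  bytes. The guards are initialized when a function is entered
+	  and then checked when the function exits. If a guard check
+	  fails, an error message is printed and the program exits.
+
+config BR2_SSP_STRONG
+	bool "-fstack-protector-strong"
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+	help
+	  Like -fstack-protector but includes additional functions to be
+	  protected - those that have local array definitions, or have
+	  references to local frame addresses.
+
+comment "Stack Smashing Protection strong needs a toolchain w/ gcc >= 4.9"
+	depends on !BR2_TOOLCHAIN_GCC_AT_LEAST_4_9
+
+config BR2_SSP_ALL
+	bool "-fstack-protector-all"
+	help
+	  Like -fstack-protector except that all functions are
+	  protected. This option might have a significant performance
+	  impact on the compiled binaries.
+
+endchoice
+
+comment "Stack Smashing Protection needs a toolchain w/ SSP"
 	depends on !BR2_TOOLCHAIN_HAS_SSP
 
 choice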
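Review bot: The choice carries no default other than the legacy one (`default BR2_SSP_ALL if BR2_ENABLE_SSP`), so Kconfig falls back to the first entry, `BR2_SSP_NONE`, and a fresh configuration on an SSP-capable toolchain is built without any stack protector unless the user opts in. The commit message says the other defaults were dropped on purpose; if that stays, the choice help should say what the fallback is and which level to pick, e.g. `If unsure and the toolchain has gcc >= 4.9, select -fstack-protector-strong.` Alternatively, a second line such as `default BR2_SSP_STRONG if BR2_TOOLCHAIN_GCC_AT_LEAST_4_9` after the legacy default would make a hardened build the starting point. The `BR2_SSP_REGULAR` help could also state that functions with smaller arrays or references to local frame addresses stay unguarded at this level, since that is the gap the strong level closes.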

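--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -145,6 +145,14 @@ endif
 ###############################################################################
 comment "Legacy options removed in 2016.02"
 
+# BR2_ENABLE_SSP is still referenced in Config.in (default in choice)
+config BR2_ENABLE_SSP
+	bool "Stack Smashing protection now has different levels"
+	help
+	  The protection offered by SSP can now be selected from different
+	  protection levels. Be sure to review the SSP level in the build
+	  options menu.
+
 config BR2_PACKAGE_DIRECTFB_CLE266
 	bool "cle266 driver for directfb removed"
 	select BR2_LEGACY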
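Review bot: The new `BR2_ENABLE_SSP` legacy entry has no `select BR2_LEGACY`, unlike the `BR2_PACKAGE_DIRECTFB_CLE266` entry directly below it, so nothing visible in this section makes the user actually see the help text that asks them to review the SSP level. If the silent migration is intended because the old setting maps to the same flag as before, record that in the comment above the entry, e.g. `# No BR2_LEGACY: the old setting maps to BR2_SSP_ALL, so the protection level is unchanged`. Otherwise add `select BR2_LEGACY` so the entry behaves like its neighbours.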

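--- a/package/Makefile.in
+++ b/package/Makefile.in
@@ -159,7 +159,13 @@ TARGET_CFLAGS += -msep-data
 TARGET_CXXFLAGS += -msep-data
 endif
 
-ifeq ($(BR2_ENABLE_SSP),y)
+ifeq ($(BR2_SSP_REGULAR),y)
+TARGET_CFLAGS += -fstack-protector
+TARGET_CXXFLAGS += -fstack-protector
+else ifeq ($(BR2_SSP_STRONG),y)
+TARGET_CFLAGS += -fstack-protector-strong
+TARGET_CXXFLAGS += -fstack-protector-strong
+else ifeq ($(BR2_SSP_ALL),y)
 TARGET_CFLAGS += -fstack-protector-all
 TARGET_CXXFLAGS += -fstack-protector-all
 endif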
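Review bot: The ifeq chain no longer tests `BR2_ENABLE_SSP`, so a configuration that still carries only `BR2_ENABLE_SSP=y` gets no stack-protector flag from this block unless the choice default in Config.in has already been resolved into `BR2_SSP_ALL=y`. Whether that resolution always happens before this file is read is not visible from the hunk, and a miss would drop the protection without any message. A comment above the block would record the dependency, e.g. `# Legacy BR2_ENABLE_SSP is mapped to BR2_SSP_ALL by the choice default in Config.in; BR2_SSP_NONE adds no flag`.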