* Fortify_source and stack-protector-strong @ 2022-03-01 23:23 Reinoud Koornstra 2022-03-02 10:22 ` Florian Weimer 0 siblings, 1 reply; 10+ messages in thread From: Reinoud Koornstra @ 2022-03-01 23:23 UTC (permalink / raw) To: gcc-help Hello Everyone, Is it possible to compile with -stack-protector-strong and FORTIFY_SOURCE=1 or =2? Or should both be used exclusively from another? Both check for similar things. Thanks, Reinoud. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-01 23:23 Fortify_source and stack-protector-strong Reinoud Koornstra @ 2022-03-02 10:22 ` Florian Weimer 2022-03-02 19:09 ` Reinoud Koornstra 0 siblings, 1 reply; 10+ messages in thread From: Florian Weimer @ 2022-03-02 10:22 UTC (permalink / raw) To: Reinoud Koornstra via Gcc-help; +Cc: Reinoud Koornstra * Reinoud Koornstra via Gcc-help: > Is it possible to compile with -stack-protector-strong and > FORTIFY_SOURCE=1 or =2? Or should both be used exclusively from > another? Both check for similar things. They complement each other. I think most distributions use both these days (-fstack-protector-strong and -D_FORTIFY_SOURCE=2). Thanks, Florian ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 10:22 ` Florian Weimer @ 2022-03-02 19:09 ` Reinoud Koornstra 2022-03-02 19:46 ` Xi Ruoyao 0 siblings, 1 reply; 10+ messages in thread From: Reinoud Koornstra @ 2022-03-02 19:09 UTC (permalink / raw) To: Florian Weimer; +Cc: Reinoud Koornstra via Gcc-help Hi Florian, Thanks very much for your reply. -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2 also has runtime checks for variable length? Thanks, Reinoud On Wed, Mar 2, 2022, 2:22 AM Florian Weimer <fweimer@redhat.com> wrote: > * Reinoud Koornstra via Gcc-help: > > > Is it possible to compile with -stack-protector-strong and > > FORTIFY_SOURCE=1 or =2? Or should both be used exclusively from > > another? Both check for similar things. > > They complement each other. I think most distributions use both these > days (-fstack-protector-strong and -D_FORTIFY_SOURCE=2). > > Thanks, > Florian > > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 19:09 ` Reinoud Koornstra @ 2022-03-02 19:46 ` Xi Ruoyao 2022-03-02 20:05 ` Reinoud Koornstra 0 siblings, 1 reply; 10+ messages in thread From: Xi Ruoyao @ 2022-03-02 19:46 UTC (permalink / raw) To: Reinoud Koornstra, Florian Weimer; +Cc: Reinoud Koornstra via Gcc-help On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote: > Hi Florian, > > Thanks very much for your reply. > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2 > also has runtime checks for variable length? Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size at compile time. But they are runtime checks: the input size is compared with the buffer size at runtime. They are not a pure compile- time checking like -Wstringop-overflow. -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet). -- Xi Ruoyao <xry111@mengyan1223.wang> School of Aerospace Science and Technology, Xidian University ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 19:46 ` Xi Ruoyao @ 2022-03-02 20:05 ` Reinoud Koornstra 2022-03-02 20:23 ` Xi Ruoyao 0 siblings, 1 reply; 10+ messages in thread From: Reinoud Koornstra @ 2022-03-02 20:05 UTC (permalink / raw) To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help Hi Xi, Thanks for your reply. Then what is the difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 exactly? The resulting binary size doesn't seem to differ much? Thanks, Reinoud. On Wed, Mar 2, 2022, 11:46 AM Xi Ruoyao <xry111@mengyan1223.wang> wrote: > On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote: > > Hi Florian, > > > > Thanks very much for your reply. > > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2 > > also has runtime checks for variable length? > > Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size > at compile time. But they are runtime checks: the input size is > compared with the buffer size at runtime. They are not a pure compile- > time checking like -Wstringop-overflow. > > -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length > buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet). > -- > Xi Ruoyao <xry111@mengyan1223.wang> > School of Aerospace Science and Technology, Xidian University > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 20:05 ` Reinoud Koornstra @ 2022-03-02 20:23 ` Xi Ruoyao 2022-03-02 20:45 ` Reinoud Koornstra 0 siblings, 1 reply; 10+ messages in thread From: Xi Ruoyao @ 2022-03-02 20:23 UTC (permalink / raw) To: Reinoud Koornstra; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote: > Hi Xi, > > Thanks for your reply. > Then what is the difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 exactly? -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the details. One case is: struct frame { int size; char buf[0]; }; union { struct frame f; char padding[100 + sizeof(struct frame)]; } u; u.frame.size = strlen(s) + 1; strcpy(u.frame.buf, s); -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't. (Yes, I know "char buf[0]" should be changed to a flexible array member "char buf[]" to fix this, but it is just an example.) -- Xi Ruoyao <xry111@mengyan1223.wang> School of Aerospace Science and Technology, Xidian University ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 20:23 ` Xi Ruoyao @ 2022-03-02 20:45 ` Reinoud Koornstra 2022-03-11 19:01 ` Reinoud Koornstra 0 siblings, 1 reply; 10+ messages in thread From: Reinoud Koornstra @ 2022-03-02 20:45 UTC (permalink / raw) To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help Thanks for the explanation! Better to use =2 then. But Strack protector and FORTIFY can be active as compiler arguments at the same time as I understand. Just the binary size will grow. Thanks, Reinoud. On Wed, Mar 2, 2022, 12:23 PM Xi Ruoyao <xry111@mengyan1223.wang> wrote: > On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote: > > Hi Xi, > > > > Thanks for your reply. > > Then what is the difference between -D_FORTIFY_SOURCE=1 and > -D_FORTIFY_SOURCE=2 exactly? > > -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer > size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read > https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the > details. > > One case is: > > struct frame > { > int size; > char buf[0]; > }; > > union > { > struct frame f; > char padding[100 + sizeof(struct frame)]; > } u; > > u.frame.size = strlen(s) + 1; > strcpy(u.frame.buf, s); > > -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't. > (Yes, I know "char buf[0]" should be changed to a flexible array member > "char buf[]" to fix this, but it is just an example.) > -- > Xi Ruoyao <xry111@mengyan1223.wang> > School of Aerospace Science and Technology, Xidian University > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-02 20:45 ` Reinoud Koornstra @ 2022-03-11 19:01 ` Reinoud Koornstra 2022-03-12 8:19 ` Xi Ruoyao 2022-04-19 11:24 ` Florian Weimer 0 siblings, 2 replies; 10+ messages in thread From: Reinoud Koornstra @ 2022-03-11 19:01 UTC (permalink / raw) To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2 optimization flags? I noticed it doesn't like -Os. Thanks, Reinoud. On Wed, Mar 2, 2022, 12:45 PM Reinoud Koornstra <reinoudkoornstra@gmail.com> wrote: > Thanks for the explanation! > Better to use =2 then. > But Strack protector and FORTIFY can be active as compiler arguments at > the same time as I understand. Just the binary size will grow. Thanks, > > Reinoud. > > On Wed, Mar 2, 2022, 12:23 PM Xi Ruoyao <xry111@mengyan1223.wang> wrote: > >> On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote: >> > Hi Xi, >> > >> > Thanks for your reply. >> > Then what is the difference between -D_FORTIFY_SOURCE=1 and >> -D_FORTIFY_SOURCE=2 exactly? >> >> -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer >> size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read >> https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the >> details. >> >> One case is: >> >> struct frame >> { >> int size; >> char buf[0]; >> }; >> >> union >> { >> struct frame f; >> char padding[100 + sizeof(struct frame)]; >> } u; >> >> u.frame.size = strlen(s) + 1; >> strcpy(u.frame.buf, s); >> >> -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't. >> (Yes, I know "char buf[0]" should be changed to a flexible array member >> "char buf[]" to fix this, but it is just an example.) >> -- >> Xi Ruoyao <xry111@mengyan1223.wang> >> School of Aerospace Science and Technology, Xidian University >> > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-11 19:01 ` Reinoud Koornstra @ 2022-03-12 8:19 ` Xi Ruoyao 2022-04-19 11:24 ` Florian Weimer 1 sibling, 0 replies; 10+ messages in thread From: Xi Ruoyao @ 2022-03-12 8:19 UTC (permalink / raw) To: Reinoud Koornstra; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help On Fri, 2022-03-11 at 11:01 -0800, Reinoud Koornstra wrote: > One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2 > optimization flags? > I noticed it doesn't like -Os. Thanks, Anything other than -O0 will work. But you should have asked this question in a Glibc mail list because _FORTIFY_SOURCE is a feature of Glibc, not GCC. -- Xi Ruoyao <xry111@mengyan1223.wang> School of Aerospace Science and Technology, Xidian University ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong 2022-03-11 19:01 ` Reinoud Koornstra 2022-03-12 8:19 ` Xi Ruoyao @ 2022-04-19 11:24 ` Florian Weimer 1 sibling, 0 replies; 10+ messages in thread From: Florian Weimer @ 2022-04-19 11:24 UTC (permalink / raw) To: Reinoud Koornstra; +Cc: Xi Ruoyao, Reinoud Koornstra via Gcc-help * Reinoud Koornstra: > One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2 > optimization flags? I noticed it doesn't like -Os. Thanks, Historically, I think the expectation was that 1 should be used with -O1 and 2 with -O2. But I think the required passes run at -O1 as well. Thanks, Florian ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2022-04-19 11:25 UTC | newest] Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-03-01 23:23 Fortify_source and stack-protector-strong Reinoud Koornstra 2022-03-02 10:22 ` Florian Weimer 2022-03-02 19:09 ` Reinoud Koornstra 2022-03-02 19:46 ` Xi Ruoyao 2022-03-02 20:05 ` Reinoud Koornstra 2022-03-02 20:23 ` Xi Ruoyao 2022-03-02 20:45 ` Reinoud Koornstra 2022-03-11 19:01 ` Reinoud Koornstra 2022-03-12 8:19 ` Xi Ruoyao 2022-04-19 11:24 ` Florian Weimer
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).