* Fortify_source and stack-protector-strong
@ 2022-03-01 23:23 Reinoud Koornstra
2022-03-02 10:22 ` Florian Weimer
0 siblings, 1 reply; 10+ messages in thread
From: Reinoud Koornstra @ 2022-03-01 23:23 UTC (permalink / raw)
To: gcc-help
Hello Everyone,
Is it possible to compile with -stack-protector-strong and FORTIFY_SOURCE=1
or =2?
Or should both be used exclusively from another? Both check for similar
things.
Thanks,
Reinoud.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-01 23:23 Fortify_source and stack-protector-strong Reinoud Koornstra
@ 2022-03-02 10:22 ` Florian Weimer
2022-03-02 19:09 ` Reinoud Koornstra
0 siblings, 1 reply; 10+ messages in thread
From: Florian Weimer @ 2022-03-02 10:22 UTC (permalink / raw)
To: Reinoud Koornstra via Gcc-help; +Cc: Reinoud Koornstra
* Reinoud Koornstra via Gcc-help:
> Is it possible to compile with -stack-protector-strong and
> FORTIFY_SOURCE=1 or =2? Or should both be used exclusively from
> another? Both check for similar things.
They complement each other. I think most distributions use both these
days (-fstack-protector-strong and -D_FORTIFY_SOURCE=2).
Thanks,
Florian
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 10:22 ` Florian Weimer
@ 2022-03-02 19:09 ` Reinoud Koornstra
2022-03-02 19:46 ` Xi Ruoyao
0 siblings, 1 reply; 10+ messages in thread
From: Reinoud Koornstra @ 2022-03-02 19:09 UTC (permalink / raw)
To: Florian Weimer; +Cc: Reinoud Koornstra via Gcc-help
Hi Florian,
Thanks very much for your reply.
-D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2
also has runtime checks for variable length?
Thanks,
Reinoud
On Wed, Mar 2, 2022, 2:22 AM Florian Weimer <fweimer@redhat.com> wrote:
> * Reinoud Koornstra via Gcc-help:
>
> > Is it possible to compile with -stack-protector-strong and
> > FORTIFY_SOURCE=1 or =2? Or should both be used exclusively from
> > another? Both check for similar things.
>
> They complement each other. I think most distributions use both these
> days (-fstack-protector-strong and -D_FORTIFY_SOURCE=2).
>
> Thanks,
> Florian
>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 19:09 ` Reinoud Koornstra
@ 2022-03-02 19:46 ` Xi Ruoyao
2022-03-02 20:05 ` Reinoud Koornstra
0 siblings, 1 reply; 10+ messages in thread
From: Xi Ruoyao @ 2022-03-02 19:46 UTC (permalink / raw)
To: Reinoud Koornstra, Florian Weimer; +Cc: Reinoud Koornstra via Gcc-help
On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote:
> Hi Florian,
>
> Thanks very much for your reply.
> -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2
> also has runtime checks for variable length?
Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size
at compile time. But they are runtime checks: the input size is
compared with the buffer size at runtime. They are not a pure compile-
time checking like -Wstringop-overflow.
-D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length
buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet).
--
Xi Ruoyao <xry111@mengyan1223.wang>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 19:46 ` Xi Ruoyao
@ 2022-03-02 20:05 ` Reinoud Koornstra
2022-03-02 20:23 ` Xi Ruoyao
0 siblings, 1 reply; 10+ messages in thread
From: Reinoud Koornstra @ 2022-03-02 20:05 UTC (permalink / raw)
To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help
Hi Xi,
Thanks for your reply.
Then what is the difference between -D_FORTIFY_SOURCE=1 and
-D_FORTIFY_SOURCE=2 exactly?
The resulting binary size doesn't seem to differ much?
Thanks,
Reinoud.
On Wed, Mar 2, 2022, 11:46 AM Xi Ruoyao <xry111@mengyan1223.wang> wrote:
> On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote:
> > Hi Florian,
> >
> > Thanks very much for your reply.
> > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2
> > also has runtime checks for variable length?
>
> Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size
> at compile time. But they are runtime checks: the input size is
> compared with the buffer size at runtime. They are not a pure compile-
> time checking like -Wstringop-overflow.
>
> -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length
> buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet).
> --
> Xi Ruoyao <xry111@mengyan1223.wang>
> School of Aerospace Science and Technology, Xidian University
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 20:05 ` Reinoud Koornstra
@ 2022-03-02 20:23 ` Xi Ruoyao
2022-03-02 20:45 ` Reinoud Koornstra
0 siblings, 1 reply; 10+ messages in thread
From: Xi Ruoyao @ 2022-03-02 20:23 UTC (permalink / raw)
To: Reinoud Koornstra; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help
On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote:
> Hi Xi,
>
> Thanks for your reply.
> Then what is the difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 exactly?
-D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer
size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read
https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the
details.
One case is:
struct frame
{
int size;
char buf[0];
};
union
{
struct frame f;
char padding[100 + sizeof(struct frame)];
} u;
u.frame.size = strlen(s) + 1;
strcpy(u.frame.buf, s);
-D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't.
(Yes, I know "char buf[0]" should be changed to a flexible array member
"char buf[]" to fix this, but it is just an example.)
--
Xi Ruoyao <xry111@mengyan1223.wang>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 20:23 ` Xi Ruoyao
@ 2022-03-02 20:45 ` Reinoud Koornstra
2022-03-11 19:01 ` Reinoud Koornstra
0 siblings, 1 reply; 10+ messages in thread
From: Reinoud Koornstra @ 2022-03-02 20:45 UTC (permalink / raw)
To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help
Thanks for the explanation!
Better to use =2 then.
But Strack protector and FORTIFY can be active as compiler arguments at the
same time as I understand. Just the binary size will grow. Thanks,
Reinoud.
On Wed, Mar 2, 2022, 12:23 PM Xi Ruoyao <xry111@mengyan1223.wang> wrote:
> On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote:
> > Hi Xi,
> >
> > Thanks for your reply.
> > Then what is the difference between -D_FORTIFY_SOURCE=1 and
> -D_FORTIFY_SOURCE=2 exactly?
>
> -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer
> size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read
> https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the
> details.
>
> One case is:
>
> struct frame
> {
> int size;
> char buf[0];
> };
>
> union
> {
> struct frame f;
> char padding[100 + sizeof(struct frame)];
> } u;
>
> u.frame.size = strlen(s) + 1;
> strcpy(u.frame.buf, s);
>
> -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't.
> (Yes, I know "char buf[0]" should be changed to a flexible array member
> "char buf[]" to fix this, but it is just an example.)
> --
> Xi Ruoyao <xry111@mengyan1223.wang>
> School of Aerospace Science and Technology, Xidian University
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-02 20:45 ` Reinoud Koornstra
@ 2022-03-11 19:01 ` Reinoud Koornstra
2022-03-12 8:19 ` Xi Ruoyao
2022-04-19 11:24 ` Florian Weimer
0 siblings, 2 replies; 10+ messages in thread
From: Reinoud Koornstra @ 2022-03-11 19:01 UTC (permalink / raw)
To: Xi Ruoyao; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help
One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2
optimization flags?
I noticed it doesn't like -Os. Thanks,
Reinoud.
On Wed, Mar 2, 2022, 12:45 PM Reinoud Koornstra <reinoudkoornstra@gmail.com>
wrote:
> Thanks for the explanation!
> Better to use =2 then.
> But Strack protector and FORTIFY can be active as compiler arguments at
> the same time as I understand. Just the binary size will grow. Thanks,
>
> Reinoud.
>
> On Wed, Mar 2, 2022, 12:23 PM Xi Ruoyao <xry111@mengyan1223.wang> wrote:
>
>> On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote:
>> > Hi Xi,
>> >
>> > Thanks for your reply.
>> > Then what is the difference between -D_FORTIFY_SOURCE=1 and
>> -D_FORTIFY_SOURCE=2 exactly?
>>
>> -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer
>> size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read
>> https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the
>> details.
>>
>> One case is:
>>
>> struct frame
>> {
>> int size;
>> char buf[0];
>> };
>>
>> union
>> {
>> struct frame f;
>> char padding[100 + sizeof(struct frame)];
>> } u;
>>
>> u.frame.size = strlen(s) + 1;
>> strcpy(u.frame.buf, s);
>>
>> -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't.
>> (Yes, I know "char buf[0]" should be changed to a flexible array member
>> "char buf[]" to fix this, but it is just an example.)
>> --
>> Xi Ruoyao <xry111@mengyan1223.wang>
>> School of Aerospace Science and Technology, Xidian University
>>
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-11 19:01 ` Reinoud Koornstra
@ 2022-03-12 8:19 ` Xi Ruoyao
2022-04-19 11:24 ` Florian Weimer
1 sibling, 0 replies; 10+ messages in thread
From: Xi Ruoyao @ 2022-03-12 8:19 UTC (permalink / raw)
To: Reinoud Koornstra; +Cc: Florian Weimer, Reinoud Koornstra via Gcc-help
On Fri, 2022-03-11 at 11:01 -0800, Reinoud Koornstra wrote:
> One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2
> optimization flags?
> I noticed it doesn't like -Os. Thanks,
Anything other than -O0 will work. But you should have asked this
question in a Glibc mail list because _FORTIFY_SOURCE is a feature of
Glibc, not GCC.
--
Xi Ruoyao <xry111@mengyan1223.wang>
School of Aerospace Science and Technology, Xidian University
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Fortify_source and stack-protector-strong
2022-03-11 19:01 ` Reinoud Koornstra
2022-03-12 8:19 ` Xi Ruoyao
@ 2022-04-19 11:24 ` Florian Weimer
1 sibling, 0 replies; 10+ messages in thread
From: Florian Weimer @ 2022-04-19 11:24 UTC (permalink / raw)
To: Reinoud Koornstra; +Cc: Xi Ruoyao, Reinoud Koornstra via Gcc-help
* Reinoud Koornstra:
> One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2
> optimization flags? I noticed it doesn't like -Os. Thanks,
Historically, I think the expectation was that 1 should be used with -O1
and 2 with -O2. But I think the required passes run at -O1 as well.
Thanks,
Florian
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2022-04-19 11:25 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-01 23:23 Fortify_source and stack-protector-strong Reinoud Koornstra
2022-03-02 10:22 ` Florian Weimer
2022-03-02 19:09 ` Reinoud Koornstra
2022-03-02 19:46 ` Xi Ruoyao
2022-03-02 20:05 ` Reinoud Koornstra
2022-03-02 20:23 ` Xi Ruoyao
2022-03-02 20:45 ` Reinoud Koornstra
2022-03-11 19:01 ` Reinoud Koornstra
2022-03-12 8:19 ` Xi Ruoyao
2022-04-19 11:24 ` Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).