This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: inlining failed


On 29 Nov 2008, Carlos O'Donell verbalised:

> On Sat, Nov 29, 2008 at 4:19 PM, Nix <nix@esperi.org.uk> wrote:
>>> This looks like a nice patch, have you submitted it as an enhancement
>>> in the bugzilla?
>>
>> Nope. I didn't know that was where enhancements were tracked (as opposed
>> to bugfixes), and I didn't have any idea if the patch was any good at
>> all, or even useful... I was sort of hoping for comments. 'Nice patch'
>> counts :)
>
> Your patch has a lot of problems, but I like the idea.

Well, it started out as a quick hack to let me stack-protect my firewall
completely. Let's see if we can make it less nasty :) I was really
hoping for confirmation that the approach made sense (it works, but that
doesn't mean it's necessarily going about things in the right way).

> Issues:
> 1. There should be a configure switch to enable the use of libssp with glibc.

What, so that glibc can link with -lssp instead of implementing
__stack_chk_fail() itself? Can do. I held off from doing this because I
worried that it risks inflooping, but, no, libssp always implements
__stack_chk_fail(), so that should be safe.

I'd like to find a way to syslog() errors, as well, but didn't find a
way to make that work (I can't remember what the failure mode was: will
retest).

> 2. Conditionalize or use a variable to represent -lssp should be used.

(We can't avoid using -lssp in configure if the user has forced
-fstack-protector in CFLAGS. Perhaps we should have an --enable switch
that turns on both -fstack-protector *and* -lssp usage? That would
probably be neatest.)

I'm not really sure about using a variable to allow you to change the name
of -lssp: that library only has one implementation that I'm aware of, in
GCC, and its name is fixed. But I'd agree that I shouldn't be linking
with it unconditionally!

> 3. Use lib_cv_ssp which is checked?

Agreed (missed that). The addition of -lssp can't be avoided if we use
-fstack-protector, though: linkage with -nostdlib and without -lc fails
without it. So we should fail if stack protection is enabled and libssp
isn't found.

>> (I also assumed that every distro out there had probably done something
>> like this, until I checked and found that a lot of them just force off
>> stack protection for all of libc. Since only ld.so is really allergic to
>> it, this is excessive.)
>
> Development gets done whenever and wherever a developer submits a patch :-)

Well, yes, but I'd have thought the various Hardened $FOO projects would
have done it already :)

