Date: Sun, 26 Jan 2025 13:38:00 +0100 From: Alexander Leidinger <netchild@FreeBSD.org> To: Jessica Clarke <jrtc27@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag Message-ID: <3e0e88c0031d9c3e1f6232f2949f8909@FreeBSD.org> In-Reply-To: <6C70A3E0-CC6D-4B0B-96A8-70636F08AC6B@freebsd.org> References: <202501251308.50PD8Qsg042260@gitrepo.freebsd.org> <81A8E695-5034-4945-8D07-DF95E76904D0@freebsd.org> <9fec6bfae287dfc123a359c3e1164ae2@FreeBSD.org> <6C70A3E0-CC6D-4B0B-96A8-70636F08AC6B@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --=_5085ee47075ddbc0f028b7423686aebd Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8; format=flowed Am 2025-01-25 20:21, schrieb Jessica Clarke: > It looks like with Clang we end up using -Qunused-arguments so the > warning/error is suppressed. That at least means the build doesn’t > fail, which I suppose is good, but I’m not sure we should be promising > that WITH_SSP will protect against stack clash then having the compiler > silently emit unprotected code (for which we’re to blame, by telling it > to ignore the fact it’s not supported). This at least needs to be > documented that the protection will only be provided if supported by > the compiler. Like this? diff --git share/man/man7/mitigations.7 share/man/man7/mitigations.7 index 4db6589cdcf1..82a8e3a2c1c2 100644 --- share/man/man7/mitigations.7 +++ share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 26, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -245,7 +245,7 @@ and it is possible that some applications may not function correctly. supports stack overflow protection using the Stack Smashing Protector .Pq SSP compiler feature, -and stack clash protection. +and stack clash protection (if supported by the compiler for the given architecture). In userland, SSP adds a per-process randomized canary at the end of every stack frame which is checked for corruption upon return from the function, and stack probing in Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF --=_5085ee47075ddbc0f028b7423686aebd Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc; size=833 Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmeWLLoACgkQEg2wmwP4 2IYDzw/6A11VzeYbkFH/RqFHF+IzX47mBT7YUzNqB9Ipf0ahw3STb6irrjpkPNVD Jc2SL77VkRgBLR5aadYgPSpuTUeT/tfZMg0J40erZZn7+VAdDlYHpz39zzVAXDPe c5NJA98IE4JpiKn1J2h24j44a6mYIhTL0j94UsUJiw4yMV8qyRlwd7hRinK/qcC+ jw/5xQnKruM8W06S4+3EOwO/Dnx4CSlQOQAE75FskArRXDpb5wraUUM4oVRriWHf rzQU3XEp9cjjEn+BqQ03yzeClKbzWf9L2+gGcTriFDAn/LlQw0yYHjaNsrGZkBX1 H7mgdaUXanjnn30upYhhaQWG7WFTmpyso2neg3K3lMhiZLjQlWeJsqymeMS00VAV nvlVvLwsBMFJpMXYskF5g/v42nUOxl2I25IzdBy7aY+z6CHRQdSyR3y3eeBFj43n ZmUWlh9+QqIqb4yEpzaAds9wjjK+f4KRT810WlXrZMqK3k1bmWhzjZvqwy3gE4uR zJExfTk2B2gTNn6IB7aGfcpmyv7jG4d1OsRZyPmJtoQP9u/g9FG36irgQ3feP1jL EtzCI8w8IAozZbCzzY9Bz3OmI/6ckKOxZIDV88Z1rC6KOxT46qw4H4iHvGIC+02I sZO3CgVIn61fGfAslyrnhA27ibL8assvjmXGTD01X1WPZuqIJkA= =ORyb -----END PGP SIGNATURE----- --=_5085ee47075ddbc0f028b7423686aebd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3e0e88c0031d9c3e1f6232f2949f8909>