Date: Sun, 17 Nov 2024 19:28:50 +0100
From: Dimitry Andric <dim@FreeBSD.org>
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: Current FreeBSD <freebsd-current@freebsd.org>
Subject: Re: Playing around with security hardening compiler flags
Message-ID: <812A3C4D-35FA-4F98-B279-F550D3296C12@FreeBSD.org>
In-Reply-To: <01a4b49d43860c30e480ec7cf5bd08f9@Leidinger.net>

On 17 Nov 2024, at 16:30, Alexander Leidinger <Alexander@Leidinger.net> wrote:
>
> Hi,
>
> after reading
> https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html
> https://libcxx.llvm.org/Hardening.html
> https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
> I played around a bit with some of the flags there (in CFLAGS).
>
> What doesn't work:
> - -fstrict-flex-arrays=3 (variable array issue in IIRC a tool for ath)
> - -fstrict-flex-arrays=2 (issue in another area, haven't checked further)
>
> What works and results in a world+kernel which is able to boot:
> - -D_GLIBCXX_ASSERTIONS
> - -fstrict-flex-arrays=1
> - -fstack-clash-protection
> - -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE

FWIW the default hardening mode for libc++ is already extensive. There is also a debug mode, but that is not suitable for general use. I have not yet considered any WITH/WITHOUT options to fiddle with this, since it is an option with 4 possible values: none, fast, extensive, and debug.

_GLIBCXX_ASSERTIONS is a similar directive for libstdc++, so it won't make much difference for the base system, but it could be good for some ports. (Not sure about the overhead though.)

I am unsure about the usefulness of -fstrict-flex-arrays, I have not really played with this option. I would expect more warnings to come out?

Last but not least, -fstack-clash-protection might be useful, but I think it might need some additional runtime support? E.g. in libc?

-Dimitry
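
For reference, the trailing-array forms that the -fstrict-flex-arrays levels named in the message above tell apart, next to the C99 flexible array member that stays flexible at every level. This is an added example, not code from the thread or from the FreeBSD tree; the struct and function names are hypothetical and the payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-C99 idiom: one-element trailing array as variable-length storage.
 * Flexible only at -fstrict-flex-arrays=0 and =1; literal bound at =2, =3. */
struct msg_legacy {
    size_t len;
    char data[1];
};

/* C99 flexible array member: treated as flexible at every level, including =3.
 * (A GNU zero-length array, data[0], is in between: flexible up to =2.) */
struct msg_fam {
    size_t len;
    char data[];
};

/* Overflow-checked allocation size for a msg_fam carrying n payload bytes. */
int msg_fam_size(size_t n, size_t *out)
{
    if (n > SIZE_MAX - sizeof(struct msg_fam))
        return -1;
    *out = sizeof(struct msg_fam) + n;
    return 0;
}

/* Allocate a message and copy n bytes of payload into the flexible member. */
struct msg_fam *msg_fam_new(const void *src, size_t n)
{
    size_t total;
    struct msg_fam *m;
    if (msg_fam_size(n, &total) != 0 || (m = malloc(total)) == NULL)
        return NULL;
    m->len = n;
    memcpy(m->data, src, n);
    return m;
}

int main(void)
{
    struct msg_fam *m = msg_fam_new("hello", 5); /* constructed sample payload */
    if (m == NULL)
        return 1;
    printf("len=%zu payload=%.*s\n", m->len, (int)m->len, m->data);
    free(m);
    return 0;
}
```

The levels change which trailing arrays the compiler's object-size and bounds checks treat as unbounded, so code that keeps the `data[1]` form and indexes past the first element is what the stricter levels stop excusing.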
