Date:      Sun, 17 Nov 2024 19:28:50 +0100
From:      Dimitry Andric <dim@FreeBSD.org>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        Current FreeBSD <freebsd-current@freebsd.org>
Subject:   Re: Playing around with security hardening compiler flags
Message-ID:  <812A3C4D-35FA-4F98-B279-F550D3296C12@FreeBSD.org>
In-Reply-To: <01a4b49d43860c30e480ec7cf5bd08f9@Leidinger.net>
References:  <01a4b49d43860c30e480ec7cf5bd08f9@Leidinger.net>

On 17 Nov 2024, at 16:30, Alexander Leidinger <Alexander@Leidinger.net> wrote:
>
> Hi,
>
> after reading
>    https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html
>    https://libcxx.llvm.org/Hardening.html
>    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
> I played around a bit with some of the flags there (in CFLAGS).
>
> What doesn't work:
> - -fstrict-flex-arrays=3   (variable array issue in IIRC a tool for ath)
> - -fstrict-flex-arrays=2   (issue in another area, haven't checked further)
>
> What works and results in a world+kernel which is able to boot:
> - -D_GLIBCXX_ASSERTIONS
> - -fstrict-flex-arrays=1
> - -fstack-clash-protection
> - -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE

FWIW the default hardening mode for libc++ is already extensive. There is also a debug mode, but that is not suitable for general use. I have not yet considered any WITH/WITHOUT options to fiddle with this, since it is an option with 4 possible values: none, fast, extensive, and debug.

_GLIBCXX_ASSERTIONS is a similar directive for libstdc++, so it won't make much difference for the base system, but it could be good for some ports. (Not sure about the overhead though.)

I am unsure about the usefulness of -fstrict-flex-arrays; I have not really played with this option. I would expect more warnings to come out?

Last but not least, -fstack-clash-protection might be useful, but I think it might need some additional runtime support? E.g. in libc?

-Dimitry
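The flags in this exchange were tried by hand, in CFLAGS, against a full world+kernel build. The script below is an added example (not code from either poster or from the FreeBSD tree) that does the cheap part of that check up front: it asks the toolchain whether it accepts each -f flag at all, whether -fstrict-flex-arrays at each level actually changes what -Warray-bounds diagnoses for the legacy one-element trailing array idiom (the kind of "variable array" that broke at level 3 above), and which libc++ hardening mode is in effect with and without the -D override from the thread. Assumptions: cc is in PATH (FreeBSD's clang, or set CC=gcc), it accepts -x c / -x c++ on stdin, and the file name hardening-probe.sh is made up for the guard on the last line. The test translation unit is constructed for the probe.

```sh
#!/bin/sh
# Toolchain probes for the hardening flags discussed in the thread.
# Added example; assumes cc (override with CC=...) accepts -x c/-x c++ from stdin.
: "${CC:=cc}"

# Constructed test input: a struct ending in a one-element array, the legacy
# idiom that -fstrict-flex-arrays=3 stops treating as a flexible array member.
# $1 is the subscript used on the trailing array.
flex_tu() {
    printf '%s\n' \
        'struct s { int n; int tail[1]; };' \
        "int f(struct s *p) { return p->n + p->tail[$1]; }"
}

# probe_flag FLAG...: does the compiler accept FLAG at all? Compiles the
# in-bounds TU with -Werror, so unknown options and "unsupported on this
# target" warnings both count as rejection. Returns 0 when accepted.
probe_flag() {
    flex_tu 0 | "$CC" -Werror "$@" -c -x c - -o /dev/null 2>/dev/null
}

# strict_flex_diagnoses LEVEL: with -fstrict-flex-arrays=LEVEL, does
# -Warray-bounds reject p->tail[1] (out of bounds once tail[1] is no longer
# considered flexible)? Returns 0 when the compiler diagnoses it, 1 when it
# compiles silently, 2 when the level itself is not accepted.
strict_flex_diagnoses() {
    probe_flag "-fstrict-flex-arrays=$1" || return 2
    if flex_tu 1 | "$CC" -O2 -Wall -Warray-bounds -Werror \
            "-fstrict-flex-arrays=$1" -c -x c - -o /dev/null 2>/dev/null
    then return 1; else return 0; fi
}

# libcxx_hardening_mode [CXXFLAGS...]: print the libc++ hardening mode that a
# C++ TU built with CXXFLAGS gets: none, fast, extensive, debug, "unknown"
# (libc++ predates _LIBCPP_HARDENING_MODE) or "not-libcxx" (e.g. GCC with
# libstdc++, where the -D from the thread has no effect at all).
libcxx_hardening_mode() {
    mode=$(printf '%s\n' \
        '#include <version>' \
        '#if !defined(_LIBCPP_VERSION)' 'MODE not-libcxx' \
        '#elif !defined(_LIBCPP_HARDENING_MODE)' 'MODE unknown' \
        '#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_NONE' 'MODE none' \
        '#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_FAST' 'MODE fast' \
        '#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_EXTENSIVE' 'MODE extensive' \
        '#elif _LIBCPP_HARDENING_MODE == _LIBCPP_HARDENING_MODE_DEBUG' 'MODE debug' \
        '#else' 'MODE unknown' '#endif' \
        | "$CC" -E -x c++ "$@" - 2>/dev/null | sed -n 's/^MODE //p')
    printf '%s\n' "${mode:-unknown}"
}

# report: one line per flag from the thread, the effect of each strict-flex
# level, and the libc++ mode with and without the override.
# Exit status is the number of rejected flags, so it can gate a build.
report() {
    rejected=0
    for flag in -fstack-clash-protection -fstrict-flex-arrays=1 \
                -fstrict-flex-arrays=2 -fstrict-flex-arrays=3; do
        if probe_flag "$flag"; then
            printf '%-26s accepted by %s\n' "$flag" "$CC"
        else
            printf '%-26s REJECTED by %s\n' "$flag" "$CC"
            rejected=$((rejected + 1))
        fi
    done
    for level in 1 2 3; do
        strict_flex_diagnoses "$level" && rc=0 || rc=$?
        case $rc in
            0) r="diagnoses tail[1]" ;;
            1) r="stays silent on tail[1]" ;;
            *) r="level not supported" ;;
        esac
        printf '%-26s -Warray-bounds %s\n' "-fstrict-flex-arrays=$level" "$r"
    done
    printf '%-26s %s\n' 'libc++ default mode:' "$(libcxx_hardening_mode)"
    printf '%-26s %s\n' 'with -D...EXTENSIVE:' \
        "$(libcxx_hardening_mode -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE)"
    return "$rejected"
}

# Run the report when executed as a script; stay quiet when sourced for its functions.
case "${0##*/}" in hardening-probe.sh) report ;; esac
```

Run it as `sh hardening-probe.sh` with the same CC that will build world, or `CC=gcc sh hardening-probe.sh` for a ports toolchain. The -D macros are deliberately not put through probe_flag: any -D is accepted by the driver, so acceptance says nothing; libcxx_hardening_mode instead shows what the macro resolves to, which is the check for the "default is already extensive" statement above. A flag that report accepts can still break a world build (the level-3 failure above was in a tool, not in the compiler), so this narrows the candidates rather than replacing the build.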