When and how to use GCC's stack protection feature?

I turned on the -Wstack-protector warning when compiling a project I'm working on (a commercial C++ multi-platform engine that compiles on Mac OS X 10.6 with GCC 4.2). This flag warns about functions that will not be protected against stack smashing even though -fstack-protector is enabled. GCC emits a few warnings when building the project:

not protecting function: no buffer at least 8 bytes long
not protecting local variables: variable length buffer

For the first warning, I found that you can configure the minimum size a buffer must have for its function to be protected against stack smashing: --param ssp-buffer-size=X can be used, where X is 8 by default and can be as low as 1.

For the second warning, I cannot suppress its occurrences unless I stop using -Wstack-protector.

  • When should you use -fstack-protector? (as in, always, only during development, or only when bug hunting?)
  • When should you use -fstack-protector-all?
  • What is -Wstack-protector telling me? Is it suggesting that I should decrease the minimum buffer size?
  • If so, are there any drawbacks to setting the size to 1?
  • It seems that -Wstack-protector is not a flag you would always want on if you want a warning-free build. Is that correct?
+48
c++ gcc stack-protection
Oct 27 '09 at 9:40
2 answers

Stack protection is a hardening strategy, not a debugging strategy. If your game is networked or has data coming from an uncontrolled source, turn it on. If it has no data coming from somewhere uncontrolled, don't turn it on.

Here's how it works: if you have a bug and modify a buffer based on what an attacker can control, that attacker can overwrite the return address or similar parts of the stack to make it execute their code instead of yours. Stack protection will abort your program if it detects this. Your users won't be happy, but they won't be hacked either. This isn't the kind of hacking that deals with cheating in the game; it's the kind where someone uses a vulnerability in your code to build an exploit that could potentially infect your users.

For debug-oriented solutions, look at things like mudflap.

Regarding your specific questions:

  • Use stack protection if you get data from uncontrolled sources. The answer is probably yes, so use it. Even if you don't have data from uncontrolled sources, you probably will eventually, or you already do and don't realize it.
  • Stack protection for all buffers can be used if you need extra protection in exchange for some performance hit. From the GCC 4.4.2 manual:

    -fstack-protector

    Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

    -fstack-protector-all

    Like -fstack-protector, except that all functions are protected.

  • The warnings tell you which buffers stack protection can't protect.

  • It doesn't necessarily mean you should decrease your minimum buffer size; at a size of 0/1 it's the same as -fstack-protector-all. It's just informing you so that, if you decide to restructure the code, you can protect the buffer.
  • No, the warnings aren't a problem, they just point you at information. Don't use it regularly.
+51
Nov 25 '10 at 19:46
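Added example, not from the answer above and not GCC's own code: a small C model of the guard variable the manual quote describes, showing why a copy that trusts an untrusted length is caught at the function's exit check before the saved return address is used. The struct layout, the names guarded_frame, copy_with_guard and guard_value, and the guard constant are all constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of a frame instrumented by -fstack-protector: the guard sits
 * between the local buffer and the saved return address, so a write that
 * runs past buf hits the guard before it can reach the control data.
 * (Layout and names are this demo's, not GCC's internals.) */
struct guarded_frame {
    char buf[8];         /* 8 bytes: the default ssp-buffer-size threshold */
    uint64_t guard;      /* the canary written in the prologue */
    uint64_t saved_ret;  /* stands in for the saved return address */
};

/* Stand-in for the per-process guard value; the real one lives in
 * __stack_chk_guard and is seeded randomly at start-up. Constructed. */
static uint64_t guard_value(void) {
    return 0x5a9e4c1f3b7d2e01ULL;
}

/* Copies len bytes of src into the 8-byte local buffer, trusting len the
 * way a buggy function would. Returns 1 if the epilogue check would pass
 * (guard intact) and 0 if it would call __stack_chk_fail (guard clobbered).
 * The copy is clamped to the frame so the model stays within defined
 * behaviour; a real overflow would keep going into the caller's frame. */
int copy_with_guard(const char *src, size_t len) {
    struct guarded_frame f;
    f.guard = guard_value();                 /* prologue: store the canary */
    f.saved_ret = 0x1122334455667788ULL;
    size_t n = len > sizeof f ? sizeof f : len;
    memcpy(&f, src, n);                      /* buf is at offset 0 */
    return f.guard == guard_value();         /* epilogue: check the canary */
}

int main(void) {
    /* Constructed inputs: one that fits and one that is too long. */
    const char small[] = "hello";
    const char big[]   = "0123456789ABCDEF";
    printf("5 bytes : %s\n", copy_with_guard(small, 5)
           ? "guard intact" : "guard clobbered, program would abort");
    printf("16 bytes: %s\n", copy_with_guard(big, 16)
           ? "guard intact" : "guard clobbered, program would abort");
    return 0;
}
```

Note that this is why the -Wstack-protector warnings matter: a function whose buffer is under the ssp-buffer-size threshold, or whose buffer is a variable-length array, gets no such guard and its saved return address is checked by nothing.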

You really shouldn't have to worry about the warning for regular builds. It is truly an informational message. I hope it is obvious that you have an inherent security issue with variable-sized buffers on the stack; miscalculate the size and you open a large hole.

+1
Oct 27 '09 at 10:15