Use compiler flags for stack protection in GCC and Clang


Shuah Khan
 

All,

Here is an article on gcc and clang compiler flags to use for stack protection:

Use compiler flags for stack protection in GCC and Clang

Both GCC and Clang provide a wide range of compiler flags to prevent stack-based
attacks. Some of these flags relate to a specific kind of exploit. Others introduce
generic protection. And some flags give feedback like warnings and reports to the
user, providing a better understanding of the behavior of the stack program.
Depending on the attack scenario, code size constraints, and execution speed,
compilers provide a wide range of tools to address the attack.


https://developers.redhat.com/articles/2022/06/02/use-compiler-flags-stack-protection-gcc-and-clang#

thanks,
-- Shuah


elana.copperman@...
 

This is excellent, Shuah, and is very much aligned with previous work on kernel configurations and compiler settings for stack protection.
Let's deep dive into these settings in this weeks LFSCS meeting, to understand how this ties in with:
  1. Performance considerations (already somewhat included in our Kernel Configurations DB ).
  2. Safety considerations, what is needed to "trust" such settings as part of a safety case.  I think this has been our major roadblock to date.
Regards
Elana

From: devel@... <devel@...> on behalf of Shuah Khan <skhan@...>
Sent: Friday, June 10, 2022 7:57 PM
To: devel@... <devel@...>
Cc: Shuah Khan <skhan@...>
Subject: [ELISA Technical Community] Use compiler flags for stack protection in GCC and Clang
 
EXTERNAL EMAIL: Do not click any links or open any attachments unless you trust the sender and know the content is safe.

All,

Here is an article on gcc and clang compiler flags to use for stack protection:

Use compiler flags for stack protection in GCC and Clang

Both GCC and Clang provide a wide range of compiler flags to prevent stack-based
attacks. Some of these flags relate to a specific kind of exploit. Others introduce
generic protection. And some flags give feedback like warnings and reports to the
user, providing a better understanding of the behavior of the stack program.
Depending on the attack scenario, code size constraints, and execution speed,
compilers provide a wide range of tools to address the attack.


https://developers.redhat.com/articles/2022/06/02/use-compiler-flags-stack-protection-gcc-and-clang#

thanks,
-- Shuah