This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: A new stack protector option?
- From: Ye Joey <joey dot ye dot cc at gmail dot com>
- To: Han Shen(ææ) <shenhan at google dot com>
- Cc: gcc at gcc dot gnu dot org
- Date: Wed, 30 Nov 2011 14:44:07 +0800
- Subject: Re: A new stack protector option?
- References: <CACkGtriRHEP4W_UeBC0EsKRCBHfqo5hQH5igvEbkdtAeYKRKgQ@mail.gmail.com> <CACkGtrirsPm_ArEcX=hoKXj4Fgq8Q-tnU=Fk+KOstawciaNJYQ@mail.gmail.com>
On Wed, Nov 30, 2011 at 7:53 AM, Han Shen(ææ) <shenhan@google.com> wrote:
> Hi, I propose to add to gcc a new option regarding stack protector -
> "-fstack-protector-strong", in addition to current gcc's
> "-fstack-protector-all", which protects ALL functions, and
> "-fstack-protector", which protects functions that have a big
> (signed/unsigned) char array or have alloca called.
>
> Background - some times stack-protector is too-simple while
> stack-protector-all over-kills, for example, to build one of our core
> systems, we forcibly add "-fstack-protector-all" to all compile
> commands, which brings big performance penalty (due to extra stack
> guard/check insns on function prologue and epilogue) on both atom and
> arm. To use "-fstack-protector" is just regarded as not secure enough
> (only "protects" <2% functions) by the system secure team. So I'd like
> to add the option "-fstack-protector-strong", that hits the balance
> between "-fstack-protector" and "-fstack-protector-all".
Any further detail about when the proposed -strong will protect stack?
If the new criteria is general secure principles, maybe you can just
enhance -fstack-prtector instead of introducing new option.
Thanks - Joey