This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: [PATCH, libmpx, i386, PR driver/65444] Pass '-z bndplt' when building dynamic objects with MPX


On Wed, Mar 18, 2015 at 9:14 AM, Ilya Enkovich <enkovich.gnu@gmail.com> wrote:
> 2015-03-18 17:42 GMT+03:00 H.J. Lu <hjl.tools@gmail.com>:
>> On Wed, Mar 18, 2015 at 7:31 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>>> On Wed, Mar 18, 2015 at 7:02 AM, Jakub Jelinek <jakub@redhat.com> wrote:
>>>>
>>>> Yeah, I agree, the configure check is a reasonable thing to do.
>>>>
>>>
>>> We should either always pass -z bndplt to the linker or disable
>>> MPX.
>>>
>>
>> MPX is a security feature.  Knowingly leaving a door open is a
>> bad idea.
>
> Instrumented binary used with legacy libraries is a supported usage
> model. Each user determines his own level of security.
>

It doesn't mean we should leave a door open.  Are we supposed to
detect this with MPX:

[hjl@skylakeclient bug-1]$ cat x.c
#include <string.h>

int
main ()
{
  char buf[10];
  memset(buf, 'a', 11);
  return 0;
}
[hjl@skylakeclient bug-1]$

I believe we should, not maybe.  We shouldn't silently fail it
when the linker doesn't support -z bndplt.

-- 
H.J.
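
The two policies argued over in this thread, fail-open versus fail-closed when the linker lacks `-z bndplt`, sketched as an added shell example (not code from the thread or from GCC). The function names, the `strict`/`permissive` modes and the sample `--help` excerpts are assumptions constructed for illustration, as is detecting support by searching the linker's help text.

```shell
#!/bin/sh
# Added example, not GCC's configure logic. All names below are hypothetical.

# Constructed excerpts of linker --help output: one advertises the option, one does not.
HELP_NEW='  -z bndplt    Always generate BND prefix in PLT entries
  -z relro     Create RELRO program header'
HELP_OLD='  -z relro     Create RELRO program header'

# linker_supports_bndplt HELP_TEXT
# Succeeds if the given help text advertises "-z bndplt".
linker_supports_bndplt() {
    printf '%s\n' "$1" | grep -q -- '-z bndplt'
}

# mpx_link_flags MODE HELP_TEXT
#   permissive: emit no flag when unsupported and carry on (fail-open)
#   strict:     refuse to continue when unsupported (fail-closed)
# Prints the extra linker flags on stdout.
mpx_link_flags() {
    mlf_mode=$1
    mlf_help=$2
    if linker_supports_bndplt "$mlf_help"; then
        echo "-z bndplt"
        return 0
    fi
    case $mlf_mode in
        strict)
            echo "error: linker lacks -z bndplt; not building with MPX" >&2
            return 1 ;;
        *)
            # Fail-open: the build succeeds, but without the flag.
            return 0 ;;
    esac
}

# Demo over the constructed help texts.
for demo_mode in permissive strict; do
    for demo_help in "$HELP_NEW" "$HELP_OLD"; do
        if demo_flags=$(mpx_link_flags "$demo_mode" "$demo_help" 2>/dev/null); then
            echo "$demo_mode: continue with flags '${demo_flags}'"
        else
            echo "$demo_mode: build stopped"
        fi
    done
done
```

In a real build the help text would come from the linker in use, for example `"$(${LD:-ld} --help 2>/dev/null)"`.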

