[PATCH] Omit frame pointer and fix %ebp by default on x86 (take 3)

Florian Weimer fw@deneb.enyo.de
Thu Aug 19 17:51:00 GMT 2004


* Roger Sayle:

> Taking a slightly different tack, preserving the frame pointer in
> executables that don't need it is a potential security vulnerability.
> The ability to walk back through stack frames inspecting PCs allows
> a "code insertion/buffer overflow" attack to subvert even recent
> position-independent-executable (PIE) security policies.  By knowing
> how many frames deep an exploit is within a known executable, the
> attacking code can unwind to a known reference point in both the
> executable, libc and maybe even the kernel.  Once the exploit has
> the relocated address of __libc_start_main in libc.so, it's possible
> to invoke system library functions without link-time support.

I think it's possible to rewind the stack from the ground up once you
can read it, so I doubt -fomit-frame-pointer buys you anything from a
security perspective.
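The two techniques the thread contrasts, as an added example that is not code from the gcc-patches thread or from GCC: a small unwinder over a constructed 32-bit x86 stack image. The image contents, its base address (STACK_BASE), and the executable and libc address ranges are all made up for illustration. walk_fp_chain follows the saved-%ebp chain Roger describes; scan_code_ptrs does what Florian suggests, reading every word of the stack and keeping those that fall inside a known mapping, which needs no frame pointer at all.

```c
/* Added example: recovering return addresses from a readable stack, with
 * and without the frame-pointer chain.  Everything below is constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STACK_BASE  0xbffff000u   /* assumed target address of image[0]      */
#define STACK_SIZE  64u
#define EXE_TEXT_LO 0x08048000u   /* assumed .text range of the executable   */
#define EXE_TEXT_HI 0x0804a000u
#define LIBC_LO     0x40000000u   /* assumed libc.so mapping                 */
#define LIBC_HI     0x40120000u

static uint8_t image[STACK_SIZE]; /* constructed stack image, 32-bit words   */
static int image_built;

static void wr32(uint32_t addr, uint32_t v) {
    memcpy(image + (addr - STACK_BASE), &v, 4);
}

/* Bounds-checked read; out-of-image addresses read as 0. */
static uint32_t rd32(uint32_t addr) {
    uint32_t v = 0;
    if (addr >= STACK_BASE && addr + 4 <= STACK_BASE + STACK_SIZE)
        memcpy(&v, image + (addr - STACK_BASE), 4);
    return v;
}

/* Four frames, innermost first.  Per frame: [ebp] = caller's saved %ebp,
 * [ebp+4] = return address, locals below that.  Values are constructed. */
static void build_image(void) {
    if (image_built) return;
    image_built = 1;
    /* frame 0: the function the overflow landed in, %ebp = STACK_BASE+0x08 */
    wr32(STACK_BASE + 0x00, 0x41414141u);        /* overflowed local         */
    wr32(STACK_BASE + 0x04, 0x00000005u);        /* integer local            */
    wr32(STACK_BASE + 0x08, STACK_BASE + 0x18);  /* saved %ebp -> frame 1    */
    wr32(STACK_BASE + 0x0c, 0x08048ab0u);        /* return into executable   */
    /* frame 1 */
    wr32(STACK_BASE + 0x10, 0x080489e0u);        /* stale code pointer in a local, not a return address */
    wr32(STACK_BASE + 0x14, 0x00000000u);
    wr32(STACK_BASE + 0x18, STACK_BASE + 0x28);  /* saved %ebp -> frame 2    */
    wr32(STACK_BASE + 0x1c, 0x08048c20u);        /* return into main         */
    /* frame 2: main */
    wr32(STACK_BASE + 0x20, 0x0000002au);
    wr32(STACK_BASE + 0x24, 0xb7fe1234u);        /* data pointer, in neither range */
    wr32(STACK_BASE + 0x28, STACK_BASE + 0x38);  /* saved %ebp -> frame 3    */
    wr32(STACK_BASE + 0x2c, 0x4004a123u);        /* return into __libc_start_main (libc) */
    /* frame 3: __libc_start_main; a saved %ebp of 0 ends the chain */
    wr32(STACK_BASE + 0x30, 0x41414141u);
    wr32(STACK_BASE + 0x34, 0x00000000u);
    wr32(STACK_BASE + 0x38, 0x00000000u);
    wr32(STACK_BASE + 0x3c, 0x08048300u);        /* address pushed by _start (executable) */
}

/* Frame-pointer walk: follow saved %ebp links, collecting [ebp+4] at each
 * step.  Stops at a null or non-ascending link (stack grows down, so the
 * caller's frame must sit above the callee's). */
size_t walk_fp_chain(uint32_t ebp, uint32_t *out, size_t max) {
    size_t n = 0;
    build_image();
    while (n < max && ebp >= STACK_BASE && ebp + 8 <= STACK_BASE + STACK_SIZE) {
        uint32_t saved = rd32(ebp);
        out[n++] = rd32(ebp + 4);
        if (saved <= ebp) break;
        ebp = saved;
    }
    return n;
}

/* Frame-pointer-free scan: every aligned word whose value lies in [lo, hi).
 * Needs only read access to the stack, but also returns stale code pointers
 * held in locals, so the result has to be filtered by the attacker. */
size_t scan_code_ptrs(uint32_t lo, uint32_t hi, uint32_t *out, size_t max) {
    size_t n = 0;
    build_image();
    for (uint32_t a = STACK_BASE; a + 4 <= STACK_BASE + STACK_SIZE && n < max; a += 4) {
        uint32_t v = rd32(a);
        if (v >= lo && v < hi) out[n++] = v;
    }
    return n;
}

int main(void) {
    uint32_t r[16];
    size_t n = walk_fp_chain(STACK_BASE + 0x08, r, 16);
    printf("frame-pointer chain:");
    for (size_t i = 0; i < n; i++) printf(" %#x", r[i]);
    n = scan_code_ptrs(EXE_TEXT_LO, EXE_TEXT_HI, r, 16);
    printf("\nscan, executable text:");
    for (size_t i = 0; i < n; i++) printf(" %#x", r[i]);
    n = scan_code_ptrs(LIBC_LO, LIBC_HI, r, 16);
    printf("\nscan, libc:");
    for (size_t i = 0; i < n; i++) printf(" %#x", r[i]);
    printf("\n");
    return 0;
}
```

The chain walk yields exactly the four return addresses in order, and the scan finds the same libc address without touching a single saved %ebp; the price of scanning is the extra hit on the stale pointer at STACK_BASE+0x10, which is why a scanner still wants a known layout or a plausibility check before it trusts a candidate. Omitting the frame pointer removes the convenient chain, not the underlying readability that makes the scan work.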


