Announcement

Collapse
No announcement yet.

SafeStack Merged Into LLVM To Protect Against Stack Buffer Overflow Attacks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SafeStack Merged Into LLVM To Protect Against Stack Buffer Overflow Attacks

    Phoronix: SafeStack Merged Into LLVM To Protect Against Stack Buffer Overflow Attacks

    SafeStack was merged into LLVM this month as a new form of protection against stack-based memory corruption errors. The SafeStack pass for LLVM adds in protection against stack-based buffer overflows without causing any significant performance penalty...

    http://www.phoronix.com/scan.php?pag...feStack-Merged

  • #2
    Neat! Is there something similar for GCC?

    Comment


    • #3
      To quote Wikipedia,
      In 2012, Google engineers implemented the -fstack-protector-strong flag to strike a better balance between security and performance.[17] This flag protects more kinds of vulnerable functions than -fstack-protector does, but not every function, providing better performance than -fstack-protector-all. It is available in GCC since its version 4.9.[18] All Fedora packages are compiled with -fstack-protector since Fedora Core 5, and -fstack-protector-strong since Fedora 20.[19][20] Most packages in Ubuntu are compiled with -fstack-protector since 6.10.[21] Every Arch Linux package is compiled with -fstack-protector since 2011.[22] All Arch Linux packages built since 4 May 2014 use -fstack-protector-strong.[23] Stack protection is only used for some packages in Debian,[24] and only for the FreeBSD base system since 8.0.[25] Stack protection is standard in OpenBSD,[26] Hardened Gentoo[citation needed], and DragonFly BSD[citation needed].
      ...but...
      StackGuard and ProPolice cannot protect against overflows in automatically allocated structures that overflow into function pointers. ProPolice at least will rearrange the allocation order to get such structures allocated before function pointers. A separate mechanism for pointer protection was proposed in PointGuard[27] and is available on Microsoft Windows.[28]
      There's a bit of history before that, but -fstack-protector is probably the most widely used implementation of stack-protection in GCC.

      Comment


      • #4
        I had a longer post, but it's gotten put on mod-hold, so here's a link for the impatient.

        Comment

        Working...
        X