Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Nov 2014 18:01:40 +0200
From: Timo Teras <timo.teras@....fi>
To: John Spencer <maillist-musl@...fooze.de>
Cc: musl@...ts.openwall.com, Gregor Richards <gr@...due.edu>
Subject: Re: fixing -fPIE + -fstack-protector-all

On Wed, 05 Nov 2014 16:25:03 +0100
John Spencer <maillist-musl@...fooze.de> wrote:

> using -fPIE + -fstack-protector-all is currently broken for a number
> of architectures (most notably i386) in the default gcc setup
> (including the musl-cross patches), as it depends on a
> libssp_nonshared.a which provides __stack_chk_fail_local().

In Alpine Linux we are patching gcc to unconditionally to have
-lssp_nonshared:
http://git.alpinelinux.org/cgit/aports/tree/main/gcc/gcc-4.8-musl-libssp.patch

And making musl package provide that library:
http://git.alpinelinux.org/cgit/aports/tree/main/musl/__stack_chk_fail_local.c
http://git.alpinelinux.org/cgit/aports/tree/main/musl/APKBUILD#n60

This is for two reasons:

1. gcc bootstrap is broken if it's to be compiled with
-fstack-protector otherwise

2. Linking without "-fstack-protector" flag with .a or .o files that
have been compiled with SSP would break.

Basically, __stack_chk_fail_local symbol should be provided always.
Agreeably gcc should emit 'hlt' or similar instead of that function
call. Or at least provide implementation for that function with 'once'
linking.

/Timo

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.