From 90d12fb340c2c5245c063d85a3c0136b11b971ec Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 19 Jul 2019 11:23:44 -0400 Subject: [PATCH] override local default to -fstack-protector-strong This is a no-op on a toolchain compiled with the basic mitigations enabled by default, so this is generally a no-op anywhere this project is likely to be deployed. SSP has a very low performance cost so there's little reason to avoid it, even though it also has zero value for this code in practice. It would be great if one of the more modern approaches was widely adopted, but unfortunately SSP is as good as it gets for portable options. It doesn't provide any protection against external writes to the stack data which is all that's really needed here. ShadowCallStack is a great option for arm64, but it's substantially more difficult to protect return addresses well on x86_64 due to the design of the ISA and ABI. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8589bc5..6fb43fb 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ $(shell $(CC) -E $1 - /dev/null 2>&1 && echo $1 || echo $2) endef CPPFLAGS := -D_GNU_SOURCE -SHARED_FLAGS := -O3 -flto -fPIC -fvisibility=hidden $(call safe_flag,-fno-plt) $(call safe_flag,-fstack-clash-protection) -pipe -Wall -Wextra $(call safe_flag,-Wcast-align=strict) -Wcast-qual -Wwrite-strings +SHARED_FLAGS := -O3 -flto -fPIC -fvisibility=hidden $(call safe_flag,-fno-plt) $(call safe_flag,-fstack-clash-protection) -fstack-protector-strong -pipe -Wall -Wextra $(call safe_flag,-Wcast-align=strict) -Wcast-qual -Wwrite-strings ifeq ($(CONFIG_NATIVE),true) SHARED_FLAGS += -march=native