enable -fstack-protector-strong by default in user land
It is long past time for
-fstack-protector-strong to be enabled by default in user land in the build. This goes through and enables this across the entire user land stack with a few exceptions to deal with bootstrapping and other minor challenges. In particular, if this had been enabled, it would have at least caught #13242 (I explicitly tested that).
- rtld (and as a side effect libc and libconv) due to bootstrapping issues around enabling the guard
- kmdb as it needs its own implementation of the stack protector and can't really use the kernel's
- The kmdb standalone versions of libdis, libctf, and libumem which are only used for kmdb.
- DTrace's drti.o which would require other objects to need ssp_ns that wouldn't in and of itself know to
The above can all be dealt with other work over time, the highest value would be enabling libc; however, that's no reason to stop getting basically all of the rest of userland enabled.
As part of doing this work, I discovered a lot of bugs in the build system which will be linked as blockers on this ticket.
Updated by Robert Mustacchi 2 months ago
To test this I did the following:
- Manually verified that we had emitted calls to the stack protector into most binaries and libraries.
- Ran through the primary test suites: crypto, libc, elf, os, and util
- Used bits semi-regularly
Then, I had a bunch of help from the broader community. In particular the following folks helped test their workloads:
- Andy Fiddaman built OmniOS with these changes
- Dan McDonald built SmartOS with these changes and uncovered a small issue with it
- Alex Wilson built SmartOS and tested some of their workloads with this present
- Peter Tribble verified that this built cleanly on SPARC
I also did builds of everything on ssp bits which is why we had all the linked changes.
Updated by Electric Monk 2 months ago
- Status changed from New to Closed
- % Done changed from 80 to 100
commit 5a0af8165ce9590e7a18f1ef4f9badc4dd72c6e6 Author: Robert Mustacchi <email@example.com> Date: 2020-11-17T16:52:10.000Z 13274 enable -fstack-protector-strong by default in user land Reviewed by: Andy Fiddaman <firstname.lastname@example.org> Reviewed by: Toomas Soome <email@example.com> Approved by: Gordon Ross <firstname.lastname@example.org>