From: "LeMay, Michael" <michael.lemay@intel.com>
To: "musl@lists.openwall.com" <musl@lists.openwall.com>
Subject: [RFC PATCH 1/7] add --enable-safe-stack configuration option
Date: Tue, 27 Sep 2016 15:34:32 -0700 [thread overview]
Message-ID: <ee212780-121f-f47c-26d8-0a32aea9b48e@intel.com> (raw)
The SafeStack sanitizer in LLVM Clang seeks to mitigate stack memory
corruption vulnerabilities [1]. That sanitizer can be used with
varying levels of runtime support, which has an effect on the
program's level of resistance to various types of attacks. This patch
adds a configuration option to enable a segmentation-hardened form of
the SafeStack sanitizer for 32-bit x86 Linux programs. Subsequent
patches implement and describe various aspects of the hardening.
[1] http://clang.llvm.org/docs/SafeStack.html
Signed-off-by: Michael LeMay <michael.lemay@intel.com>
---
configure | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/configure b/configure
index 969671d..c83c4d1 100755
--- a/configure
+++ b/configure
@@ -34,6 +34,7 @@ Optional features:
--enable-wrapper=... build given musl toolchain wrapper [auto]
--disable-shared inhibit building shared library [enabled]
--disable-static inhibit building static library [enabled]
+ --enable-safe-stack enable segmentation-hardened SafeStack [disabled]
Some influential environment variables:
CC C compiler command [detected]
@@ -139,6 +140,7 @@ static=yes
wrapper=auto
gcc_wrapper=no
clang_wrapper=no
+SAFE_STACK=no
for arg ; do
case "$arg" in
@@ -170,6 +172,8 @@ case "$arg" in
--disable-wrapper|--enable-wrapper=no) wrapper=no ;;
--enable-gcc-wrapper|--enable-gcc-wrapper=yes) wrapper=yes ;
gcc_wrapper=yes ;;
--disable-gcc-wrapper|--enable-gcc-wrapper=no) wrapper=no ;;
+--enable-safe-stack|--enable-safe-stack=yes) SAFE_STACK=yes ;;
+--disable-safe-stack|--enable-safe-stack=no) SAFE_STACK=no ;;
--enable-*|--disable-*|--with-*|--without-*|--*dir=*|--build=*) ;;
--host=*|--target=*) target=${arg#*=} ;;
-* ) echo "$0: unknown option $arg" ;;
@@ -732,6 +736,7 @@ OPTIMIZE_GLOBS = $OPTIMIZE_GLOBS
ALL_TOOLS = $tools
TOOL_LIBS = $tool_libs
ADD_CFI = $ADD_CFI
+SAFE_STACK = $SAFE_STACK
EOF
test "x$static" = xno && echo "STATIC_LIBS ="
test "x$shared" = xno && echo "SHARED_LIBS ="
--
2.7.4
next reply other threads:[~2016-09-27 22:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-27 22:34 LeMay, Michael [this message]
2016-09-27 23:24 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee212780-121f-f47c-26d8-0a32aea9b48e@intel.com \
--to=michael.lemay@intel.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).