* [RFC PATCH 1/7] add --enable-safe-stack configuration option
@ 2016-09-27 22:34 LeMay, Michael
2016-09-27 23:24 ` Szabolcs Nagy
0 siblings, 1 reply; 2+ messages in thread
From: LeMay, Michael @ 2016-09-27 22:34 UTC (permalink / raw)
To: musl
The SafeStack sanitizer in LLVM Clang seeks to mitigate stack memory
corruption vulnerabilities [1]. That sanitizer can be used with
varying levels of runtime support, which has an effect on the
program's level of resistance to various types of attacks. This patch
adds a configuration option to enable a segmentation-hardened form of
the SafeStack sanitizer for 32-bit x86 Linux programs. Subsequent
patches implement and describe various aspects of the hardening.
[1] http://clang.llvm.org/docs/SafeStack.html
Signed-off-by: Michael LeMay <michael.lemay@intel.com>
---
configure | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/configure b/configure
index 969671d..c83c4d1 100755
--- a/configure
+++ b/configure
@@ -34,6 +34,7 @@ Optional features:
--enable-wrapper=... build given musl toolchain wrapper [auto]
--disable-shared inhibit building shared library [enabled]
--disable-static inhibit building static library [enabled]
+ --enable-safe-stack enable segmentation-hardened SafeStack [disabled]
Some influential environment variables:
CC C compiler command [detected]
@@ -139,6 +140,7 @@ static=yes
wrapper=auto
gcc_wrapper=no
clang_wrapper=no
+SAFE_STACK=no
for arg ; do
case "$arg" in
@@ -170,6 +172,8 @@ case "$arg" in
--disable-wrapper|--enable-wrapper=no) wrapper=no ;;
--enable-gcc-wrapper|--enable-gcc-wrapper=yes) wrapper=yes ;
gcc_wrapper=yes ;;
--disable-gcc-wrapper|--enable-gcc-wrapper=no) wrapper=no ;;
+--enable-safe-stack|--enable-safe-stack=yes) SAFE_STACK=yes ;;
+--disable-safe-stack|--enable-safe-stack=no) SAFE_STACK=no ;;
--enable-*|--disable-*|--with-*|--without-*|--*dir=*|--build=*) ;;
--host=*|--target=*) target=${arg#*=} ;;
-* ) echo "$0: unknown option $arg" ;;
@@ -732,6 +736,7 @@ OPTIMIZE_GLOBS = $OPTIMIZE_GLOBS
ALL_TOOLS = $tools
TOOL_LIBS = $tool_libs
ADD_CFI = $ADD_CFI
+SAFE_STACK = $SAFE_STACK
EOF
test "x$static" = xno && echo "STATIC_LIBS ="
test "x$shared" = xno && echo "SHARED_LIBS ="
--
2.7.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [RFC PATCH 1/7] add --enable-safe-stack configuration option
2016-09-27 22:34 [RFC PATCH 1/7] add --enable-safe-stack configuration option LeMay, Michael
@ 2016-09-27 23:24 ` Szabolcs Nagy
0 siblings, 0 replies; 2+ messages in thread
From: Szabolcs Nagy @ 2016-09-27 23:24 UTC (permalink / raw)
To: musl; +Cc: Michael LeMay
* LeMay, Michael <michael.lemay@intel.com> [2016-09-27 15:34:32 -0700]:
> program's level of resistance to various types of attacks. This patch
> adds a configuration option to enable a segmentation-hardened form of
> the SafeStack sanitizer for 32-bit x86 Linux programs. Subsequent
since it is a new abi it will need a new dynamic linker name
and possibly new triplet name for configuration.
(existing /lib/ld-musl-i386.so.1 cannot load safestack
instrumented binaries, and an instrumented libc cannot
load uninstrumented binaries)
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-09-27 23:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-27 22:34 [RFC PATCH 1/7] add --enable-safe-stack configuration option LeMay, Michael
2016-09-27 23:24 ` Szabolcs Nagy
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).