From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/10524 Path: news.gmane.org!.POSTED!not-for-mail From: "LeMay, Michael" Newsgroups: gmane.linux.lib.musl.general Subject: [RFC PATCH 1/7] add --enable-safe-stack configuration option Date: Tue, 27 Sep 2016 15:34:32 -0700 Message-ID: Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1475015694 13786 195.159.176.226 (27 Sep 2016 22:34:54 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 27 Sep 2016 22:34:54 +0000 (UTC) User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0 To: "musl@lists.openwall.com" Original-X-From: musl-return-10537-gllmg-musl=m.gmane.org@lists.openwall.com Wed Sep 28 00:34:50 2016 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1bp0xa-0002UP-Ga for gllmg-musl@m.gmane.org; Wed, 28 Sep 2016 00:34:46 +0200 Original-Received: (qmail 31999 invoked by uid 550); 27 Sep 2016 22:34:46 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 31970 invoked from network); 27 Sep 2016 22:34:45 -0000 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,407,1470726000"; d="scan'208";a="14389085" Xref: news.gmane.org gmane.linux.lib.musl.general:10524 Archived-At: The SafeStack sanitizer in LLVM Clang seeks to mitigate stack memory corruption vulnerabilities [1]. That sanitizer can be used with varying levels of runtime support, which has an effect on the program's level of resistance to various types of attacks. This patch adds a configuration option to enable a segmentation-hardened form of the SafeStack sanitizer for 32-bit x86 Linux programs. Subsequent patches implement and describe various aspects of the hardening. [1] http://clang.llvm.org/docs/SafeStack.html Signed-off-by: Michael LeMay --- configure | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure b/configure index 969671d..c83c4d1 100755 --- a/configure +++ b/configure @@ -34,6 +34,7 @@ Optional features: --enable-wrapper=... build given musl toolchain wrapper [auto] --disable-shared inhibit building shared library [enabled] --disable-static inhibit building static library [enabled] + --enable-safe-stack enable segmentation-hardened SafeStack [disabled] Some influential environment variables: CC C compiler command [detected] @@ -139,6 +140,7 @@ static=yes wrapper=auto gcc_wrapper=no clang_wrapper=no +SAFE_STACK=no for arg ; do case "$arg" in @@ -170,6 +172,8 @@ case "$arg" in --disable-wrapper|--enable-wrapper=no) wrapper=no ;; --enable-gcc-wrapper|--enable-gcc-wrapper=yes) wrapper=yes ; gcc_wrapper=yes ;; --disable-gcc-wrapper|--enable-gcc-wrapper=no) wrapper=no ;; +--enable-safe-stack|--enable-safe-stack=yes) SAFE_STACK=yes ;; +--disable-safe-stack|--enable-safe-stack=no) SAFE_STACK=no ;; --enable-*|--disable-*|--with-*|--without-*|--*dir=*|--build=*) ;; --host=*|--target=*) target=${arg#*=} ;; -* ) echo "$0: unknown option $arg" ;; @@ -732,6 +736,7 @@ OPTIMIZE_GLOBS = $OPTIMIZE_GLOBS ALL_TOOLS = $tools TOOL_LIBS = $tool_libs ADD_CFI = $ADD_CFI +SAFE_STACK = $SAFE_STACK EOF test "x$static" = xno && echo "STATIC_LIBS =" test "x$shared" = xno && echo "SHARED_LIBS =" -- 2.7.4