[lsb-discuss] LSBCC and -fstack-protector

Dallman, John john.dallman at siemens.com
Thu Apr 14 12:01:16 UTC 2016


Mats wrote:

> It's been too long and I can't recall the details, but I believe we
> need to always disable the stack-protector option, because it changes
> the ABI when enabled.  The code in lsbcc includes this comment:
>
>  * Starting with gcc 4.1, gcc will emit new symbols for stack
>  * protection.  This is a good thing, but for LSB 3.x, those new
>  * symbols need to be suppressed.
>
> the change to do this is very old now.
>
> revno: 1373.1.2
> committer: Jeff Licquia <jeff at licquia.org>
> branch nick: 3.2-bugfix-build_env
> timestamp: Thu 2007-11-01 20:30:36 -0400
> message:
>   Suppress gcc 4.1+ stack protection when necessary.
>
> I'm not sure Jeff remembers either, but hopefully his memory is better than mine!!!

Well, I gave up on trying to use -fstack-protector with LSB 4.0 on GCC 4.3.4.

Now I'm trying out prospects for future work, and would like to be able to use -fstack-protector-strong, which appeared at GCC 4.9.

I'm tinkering with this on Fedora 23 with GCC 5.3 and the LSB 5.0 SDK. That version of lsbcc doesn't recognise the GCC I'm using, warns about it, and proceeds. Using -fstack-protector-strong with this combination works, and I can detect stack smashes in a simple example program.

However, when I look at the command line, thus:

$P_CC --lsb-verbose -fstack-protector-strong demonstrate_guardstack.c
unrecognized gcc version: "5.3.1"
cc -I /opt/lsb/include/libpng12 -isystem /opt/lsb/include -fstack-protector-strong demonstrate_guardstack.c -D__LSB_VERSION__=40 -nodefaultlibs -L /opt/lsb/lib64-4.0 -lpthread -lpthread_nonshared -Wl,--dynamic-linker=/lib64/ld-lsb-x86-64.so.3 -L /usr/lib/gcc/x86_64-redhat-linux/5.3.1 -Wl,-rpath-link,/opt/lsb/lib64-4.0 -L/lib64 -L/usr/lib64 -Wl,--hash-style=sysv -lgcc -lm -lc -lc_nonshared -lgcc

I see that lsbcc is not emitting -fnostack-protector, and I'm suspicious that this is because it doesn't recognise the GCC and thus doesn't know if it should take precautions. Am I correct?

The end-user customers for my products are getting more and more paranoid about security, and I suspect that in a few years, I'm going to have to use a -fstack-protector option, and if this is incompatible with LSB, I'll have to give up using LSB. What needs doing to make that option compatible with LSB?

thanks,

--
John Dallman
DF PL TO OT PC PDE
-----------------
Siemens Industry Software Limited is a limited company registered in England and Wales.
Registered number: 3476850.
Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.
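
Added example, not part of the original message and not lsbcc code: the "new symbols" in the quoted lsbcc comment are, for GCC's stack protector, `__stack_chk_fail` and, on targets that keep the canary in a global variable, `__stack_chk_guard`. The script below lists which of them a binary imports, given the output of `nm -D --undefined-only`; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report stack-protector symbols imported by an ELF binary.
# Assumed input format: the output of `nm -D --undefined-only FILE`.

# Read nm output on stdin and print each stack-protector symbol found, one
# per line, with any @VERSION suffix removed. Returns 0 if any were found,
# 1 if none were.
stack_protector_symbols() {
    awk '
        # The symbol name is the last field; undefined entries have type "U".
        NF >= 2 && $(NF-1) == "U" {
            sym = $NF
            sub(/@.*/, "", sym)      # drop a symbol version such as @GLIBC_2.4
            if (sym == "__stack_chk_fail" || sym == "__stack_chk_guard") {
                print sym
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Run the check against a real file (needs nm from binutils).
check_binary() {
    nm -D --undefined-only "$1" | stack_protector_symbols
}

# Constructed listing: an x86-64 program built with -fstack-protector-strong.
sample_protected() {
    printf '%s\n' \
        '                 U __libc_start_main@GLIBC_2.2.5' \
        '                 U __stack_chk_fail@GLIBC_2.4' \
        '                 U strcpy@GLIBC_2.2.5' \
        '                 w __gmon_start__'
}

# Constructed listing: the same program built with -fno-stack-protector.
sample_unprotected() {
    printf '%s\n' \
        '                 U __libc_start_main@GLIBC_2.2.5' \
        '                 U strcpy@GLIBC_2.2.5' \
        '                 w __gmon_start__'
}

# Stand-alone use: sh script.sh ./a.out
if [ "$#" -gt 0 ]; then
    check_binary "$1" || echo "no stack-protector symbols imported"
fi
```

On x86-64 the canary is read from thread-local storage, so a protected binary normally imports only `__stack_chk_fail`.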

