Re: git: f934e629dc22 - main - Add stack clash protection to the WITH_SSP flag
Date: Sun, 26 Jan 2025 12:38:00 UTC
Am 2025-01-25 20:21, schrieb Jessica Clarke: > It looks like with Clang we end up using -Qunused-arguments so the > warning/error is suppressed. That at least means the build doesn’t > fail, which I suppose is good, but I’m not sure we should be promising > that WITH_SSP will protect against stack clash then having the compiler > silently emit unprotected code (for which we’re to blame, by telling it > to ignore the fact it’s not supported). This at least needs to be > documented that the protection will only be provided if supported by > the compiler. Like this? diff --git share/man/man7/mitigations.7 share/man/man7/mitigations.7 index 4db6589cdcf1..82a8e3a2c1c2 100644 --- share/man/man7/mitigations.7 +++ share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 26, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -245,7 +245,7 @@ and it is possible that some applications may not function correctly. supports stack overflow protection using the Stack Smashing Protector .Pq SSP compiler feature, -and stack clash protection. +and stack clash protection (if supported by the compiler for the given architecture). In userland, SSP adds a per-process randomized canary at the end of every stack frame which is checked for corruption upon return from the function, and stack probing in Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF