RFC Stack protector strong

Fri Sep 25 09:21:50 UTC 2015

> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni <pfg at FreeBSD.org> wrote:
> 
> (excuse me if you get this message repeated .. I hit the wrong list previously)
> 
> Hello;
> 
> Our current stack protection is very weak (about 1-2 % coverage).
> Google engineers have developed a new level of protection
> (about 20% coverage) that according to Google and Redhat has
> a negligible impact on performance.
> 
> I have opened a code review with a simple update to the default
> setting for our stack protector:
> 
> https://reviews.freebsd.org/D3463/
> 
> Sadly I haven't received much feedback.
> 
> I have no hurry to commit this but as stated in the review I think it
> is worthwhile. I don’t expect any issue, but it would be better to apply
> this change soonish rather than later so any collateral issues are
> detected and worked out with ample time before 11-Release.
> 
> Any objection?  If there is no feedback I will just play with other
> things.
> 
> Pedro.

That URL did not work for me (404). I found what you are directing us toward instead at https://reviews.freebsd.org/D3463

I like what I'm reading so far, alas I am a nobody.

Could you clarify/elaborate what is meant when you say "coverage" and using these approximate percentages as a metric? Compare and contrast the safestack approach for us, if you would, as well. Please bear with me, I am a C novice and what I know about the magic of compilers could fit on a Post-it Note, the really small kind. While I acknowledge I have no place in this conversation, I think it would draw more people into the discussion if you'd be willing to educate us laypeople a little as attempting to teach often exposes the overlooked gaps in ones own knowledge.

I understand the difference between a heap and a stack, the process model, the idea of a virtualized memory address space, kernel and user modes of execution and that is about where my expertise ends. I have a vague understanding of how function calls happen, what a system call interface is, an ABI, an ISA, buffer overflows and such as concepts but little experience with the mechanics of any of the aforementioned. I know that things like W^X and MMUs and some mythical "rings" exist to make our lives safer and more productive but as for how they work or if we can trust them, I generally must defer to greater minds whom I then judge by superficial traits such as the size and messiness of their beards and the variety and age of their shirts, both t- and Hawaiian.

Without simply referring me to a full bookshelf of thousand-page books is there a way people such as myself could become more helpful at assessing such a change? If I enable this on a couple of systems what sorts of breakage or impact should I be looking for?

This is an invitation for anyone to enlighten me, not only the original poster. I'm sure there are a hundred more lurkers afraid to ask.

Thank you for contributing.