Compile debug/stack_chk_fail_local.c with stack protector
Commit Message
The resulting object file is statically linked into applications, so
it is desirable to have (formal) stack protector coverage there.
2018-07-05 Florian Weimer <fweimer@redhat.com>
* debug/Makefile (CFLAGS-stack_chk_fail_local.c): Remove
$(no-stack-protector). stack_chk_fail_local.c can be compiled
with stack protector enabled because there is no risk of infinite
recursion.
Comments
On 07/05/2018 07:28 AM, Florian Weimer wrote:
> The resulting object file is statically linked into applications, so
> it is desirable to have (formal) stack protector coverage there.
The broader context is this:
60 # Building the stack-protector failure routines with stack protection
61 # makes no sense.
62
63 CFLAGS-stack_chk_fail.c += $(no-stack-protector)
64 CFLAGS-stack_chk_fail_local.c += $(no-stack-protector)
65
Should we expand the comment to say something like this?
# Building the stack-protector failure routines with stack protection
# is not required since we have already failed a stack check and are
# exiting the process. However, the local aliases which jump to the real
# routines should still be compiled with stack protection
# e.g. stack_chk_fail_local.c
Otherwise the comment is out-of-sync with what we're doing here.
OK with that change.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> 2018-07-05 Florian Weimer <fweimer@redhat.com>
>
> * debug/Makefile (CFLAGS-stack_chk_fail_local.c): Remove
> $(no-stack-protector). stack_chk_fail_local.c can be compiled
> with stack protector enabled because there is no risk of infinite
> recursion.
>
> diff --git a/debug/Makefile b/debug/Makefile
> index c6f6feb0ec..d9683a8c8c 100644
> --- a/debug/Makefile
> +++ b/debug/Makefile
> @@ -61,7 +61,6 @@ elide-routines.o := stack_chk_fail_local
> # makes no sense.
>
> CFLAGS-stack_chk_fail.c += $(no-stack-protector)
> -CFLAGS-stack_chk_fail_local.c += $(no-stack-protector)
>
> CFLAGS-backtrace.c += -fno-omit-frame-pointer -funwind-tables
> CFLAGS-sprintf_chk.c += $(libio-mtsafe)
>
@@ -61,7 +61,6 @@ elide-routines.o := stack_chk_fail_local
# makes no sense.
CFLAGS-stack_chk_fail.c += $(no-stack-protector)
-CFLAGS-stack_chk_fail_local.c += $(no-stack-protector)
CFLAGS-backtrace.c += -fno-omit-frame-pointer -funwind-tables
CFLAGS-sprintf_chk.c += $(libio-mtsafe)