[Bug 1820798] Re: hardening-check: add support for detecting stack clash protected binaries
Steve Beattie
sbeattie at ubuntu.com
Mon Apr 8 00:40:06 UTC 2019
It looks like the stack-clash detection is getting tripped up on
optimization:
ubuntu at stensal-disco-server-amd64:~$ gcc -O2 -o stack-clash -fstack-clash-protection stack-clash.c
ubuntu at stensal-disco-server-amd64:~$ ./hardening-check ./stack-clash
./stack-clash:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: yes
Immediate binding: yes
Stack clash protection: no, not found!
ubuntu at stensal-disco-server-amd64:~$ gcc -o stack-clash -fstack-clash-protection stack-clash.c
ubuntu at stensal-disco-server-amd64:~$ ./hardening-check ./stack-clash
./stack-clash:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, only unprotected functions found!
Read-only relocations: yes
Immediate binding: yes
Stack clash protection: yes
https://bugs.launchpad.net/bugs/1820798
Title:
hardening-check: add support for detecting stack clash protected
binaries
Status in devscripts package in Ubuntu:
New
Bug description:
The security team is in the process of making -fstack-clash-protection
enabled by default in gcc-8/9 for 19.10 / 20.04. To support this it is
useful to be able to detect binaries which include this new feature
via hardening-check. Unlike previous features this can only be
detected by looking for the sequence of instructions which perform
this feature in the disassembly output via objdump.
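The disassembly-based detection the description refers to, as an added example that is not devscripts' hardening-check code: it scans objdump -d text for the amd64 page-probe sequence and reports whether a binary appears to carry stack clash protection. The probe pattern (sub $0x1000,%rsp followed by orq $0x0,(%rsp)), the PROBE_WINDOW tolerance for instructions scheduled between the two, and the disassembly excerpts are assumptions constructed for this example, not taken from the bug report.

```python
import re

# Added example, not devscripts' hardening-check. Assumptions (not from the
# bug report): gcc's amd64 probe is "sub $0x1000,%rsp" followed by
# "orq $0x0,(%rsp)", with up to PROBE_WINDOW instructions scheduled between.
PROBE_WINDOW = 4
SUB_PAGE = re.compile(r"^sub \$0x1000,%rsp$")
TOUCH_PAGE = re.compile(r"^or[lq]? \$0x0,\(%rsp\)$")

def instructions(disasm: str) -> list:
    """'mnemonic operands' of each objdump -d line; objdump tab-separates
    address, raw bytes and text, and label lines have no tabs (skipped)."""
    out = []
    for line in disasm.splitlines():
        parts = line.split("\t")
        if len(parts) >= 3:
            out.append(" ".join(parts[2].split()))
    return out

def has_stack_clash_probe(disasm: str, window: int = PROBE_WINDOW) -> bool:
    """True if a page-sized stack adjust is followed within `window`
    instructions by a write that touches the newly reserved page."""
    insns = instructions(disasm)
    for i, insn in enumerate(insns):
        if SUB_PAGE.match(insn) and any(
            TOUCH_PAGE.match(f) for f in insns[i + 1:i + 1 + window]):
            return True
    return False

# Constructed disassembly excerpts (not taken from the bug report's binary).
PROBED = "\n".join([
    "0000000000001149 <big_frame>:",
    "    1149:\t55                   \tpush   %rbp",
    "    114a:\t48 89 e5             \tmov    %rsp,%rbp",
    "    114d:\t4c 8d 9c 24 00 00 ff ff \tlea    -0x10000(%rsp),%r11",
    "    1155:\t48 81 ec 00 10 00 00 \tsub    $0x1000,%rsp",
    "    115c:\t48 83 0c 24 00       \torq    $0x0,(%rsp)",
    "    1161:\t4c 39 dc             \tcmp    %r11,%rsp",
    "    1164:\t75 ef                \tjne    1155 <big_frame+0xc>",
])
UNPROBED = "\n".join([
    "0000000000001149 <big_frame>:",
    "    1149:\t48 81 ec 10 00 01 00 \tsub    $0x10010,%rsp",
    "    1150:\t48 8d 04 24          \tlea    (%rsp),%rax",
])

if __name__ == "__main__":
    for name, text in (("probed", PROBED), ("unprobed", UNPROBED)):
        print(name, "Stack clash protection:", "yes" if has_stack_clash_probe(text) else "no, not found!")
```

Feed it real output with `objdump -d ./stack-clash` and remember that a pattern match on one architecture's probe sequence says nothing about binaries built for other architectures or with a compiler that emits a different sequence.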