When and how to use GCC’s stack protection feature?

by

Stack-protection is a hardening strategy, not a debugging strategy. If your game is network-aware or otherwise has data coming from an uncontrolled source, turn it on. If it doesn’t have data coming from somewhere uncontrolled, don’t turn it on.

Here’s how it plays out: If you have a bug and make a buffer change based on something an attacker can control, that attacker can overwrite the return address or similar portions of the stack to cause it to execute their code instead of your code. Stack protection will abort your program if it detects this happening. Your users won’t be happy, but they won’t be hacked either. This isn’t the sort of hacking that is about cheating in the game, it’s the sort of hacking that is about someone using a vulnerability in your code to create an exploit that potentially infects your user.

For debugging-oriented solutions, look at things like mudflap.

As to your specific questions:

  1. Use stack protector if you get data from uncontrolled sources. The answer to this is probably yes. So use it. Even if you don’t have data from uncontrolled sources, you probably will eventually or already do and don’t realize it.

  2. Stack protections for all buffers can be used if you want extra protection in exchange for some performance hit. From gcc4.4.2 manual:

    -fstack-protector

    Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

    -fstack-protector-all

    Like -fstack-protector except that all functions are protected.

  3. The warnings tell you what buffers the stack protection can’t protect.

  4. It is not necessarily suggesting you decrease your minimum buffer size, and at a size of 0/1, it is the same as stack-protector-all. It is only pointing it out to you so that you can, if you decide redesign the code so that buffer is protected.
  5. No, those warnings don’t represent issues, they just point out information to you. Don’t use them regularly.

More Related Contents:

  1. Convert char to int in C and C++
  2. Using base pointer register in C++ inline asm
  3. Order of local variable allocation on the stack
  4. Selectively disable GCC warnings for only part of a translation unit
  5. How to get rid of `deprecated conversion from string constant to ‘char*’` warnings in GCC?
  6. Dual emission of constructor symbols
  7. Why does typeid.name() return weird characters using GCC and how to make it print unmangled names?
  8. Is right shift undefined behavior if the count is larger than the width of the type?
  9. when g++ static link pthread, cause Segmentation fault, why?
  10. GCC ABI compatibility
  11. Array with size 0 [duplicate]
  12. What is the first (int (*)(…))0 vtable entry in the output of g++ -fdump-class-hierarchy?
  13. Is std::string ref-counted in GCC 4.x / C++11?
  14. Why does GCC generate 15-20% faster code if I optimize for size instead of speed?
  15. Why does the enhanced GCC 6 optimizer break practical C++ code?
  16. What is the behavior of “delete” with stack objects? [duplicate]
  17. Precompiled headers with GCC
  18. What is the difference between MinGW, MinGW-w64 and MinGW-builds?
  19. Compiling with -static-libgcc -static-libstdc++ still results in dynamic dependency on libc.so
  20. Overloaded lambdas in C++ and differences between clang and gcc
  21. GNU C++ how to check when -std=c++0x is in effect?
  22. Template instantiation details of GCC and MS compilers
  23. Layout of compiled objects
  24. Weird MSC 8.0 error: “The value of ESP was not properly saved across a function call…”
  25. Does the restrict keyword provide significant benefits in gcc/g++?
  26. std::thread error (thread not member of std)
  27. Default libraries linked in by gcc?
  28. Multiple “could not be resolved” problems using Eclipse with minGW
  29. const auto std::initializer_list difference between Clang and GCC
  30. Undefined reference to process(std::__cxx11::basic_string … ) when compiling affdex linux sample applications

Leave a Comment