OpenBSD Journal

New Compiler Capabilities: -fstack-shuffle and Return Value Guards

Contributed by tbert on from the doing the fstack shuffle dept.

Martynas Venckus (martynas@) has committed a pair of security-related enhancements to OpenBSD's gcc(1), improving the bug- and exploit-resistance of the entire system.

The first, a new -fstack-shuffle option, randomizes the order in which local variables are laid out on the stack. Bugs that overrun one local into its neighbour often go unnoticed because a particular layout happens to make the damage harmless; changing the layout from build to build makes such bugs surface instead of staying hidden.

CVSROOT:        /cvs
Module name:    src
Changes by:     martynas@cvs.openbsd.org        2014/05/06 17:22:33

Modified files:
        gnu/gcc/gcc    : cfgexpand.c common.opt

Log message:
Introduce -fstack-shuffle, which randomizes local stack variables.
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.

Discussed with Theo at m2k14 hackathon.  "oh god yes" tedu@, "oh nice" djm@

The second extends the existing stack protector to functions its heuristics would otherwise leave unprotected, by placing a pointer-sized gap between the locals and the saved return address:

CVSROOT:        /cvs
Module name:    src
Changes by:     martynas@cvs.openbsd.org        2014/05/06 17:32:34

Modified files:
        gnu/gcc/gcc    : cfgexpand.c

Log message:
When the stack protector heuristics doesn't cover a function, leave
a little pointer-sized gap before the return value.  This protects
from common off-by-one type of bugs and costs nothing:  the attacker
won't be able to overwrite return pointer.  Developed at m2k14,
thanks for the hackathon!

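The two commits above describe the mechanisms in a few lines each. As an added example, not code from the commits or from OpenBSD's gcc, the following C program models a stack frame as a byte range with locals at the low end and the saved return address at the top, and asks what a write that runs past the end of a local buffer clobbers first. A Fisher-Yates shuffle stands in for -fstack-shuffle and a `gap` parameter stands in for the guard gap. The frame model, the sample locals (a 16-byte buffer and two ints), the xorshift32 PRNG and the 8-byte pointer size are assumptions of this model, not gcc's real frame layout, which also involves alignment padding and the canary.

```c
/*
 * Model of what a local-buffer overrun clobbers under different stack
 * layouts.  Illustrative model only, not gcc's code: the frame is a byte
 * range, locals sit at low offsets, the saved return address at the top,
 * and an overrun writes upward from the victim buffer.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_VARS 8
#define PTR_SIZE 8                 /* assumed: 64-bit return address */

struct local { const char *name; size_t size; };

struct frame {
    size_t n;
    const struct local *vars;      /* locals in declaration order */
    size_t order[MAX_VARS];        /* order[k] = index of the local in slot k (slot 0 lowest) */
    size_t off[MAX_VARS];          /* byte offset of each local, indexed by declaration index */
    size_t gap;                    /* guard bytes between the top local and the return address */
    size_t ret_off;                /* offset of the saved return address */
};

/* xorshift32: stands in for whatever random source the compiler uses (assumption). */
static uint32_t prng(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Fisher-Yates: pick a random slot order for n locals, as -fstack-shuffle does. */
void shuffle_order(size_t *order, size_t n, uint32_t seed)
{
    uint32_t s = seed ? seed : 1;
    for (size_t k = 0; k < n; k++) order[k] = k;
    if (n < 2) return;
    for (size_t i = n - 1; i > 0; i--) {
        size_t j = prng(&s) % (i + 1);
        size_t t = order[i]; order[i] = order[j]; order[j] = t;
    }
}

/* Lay out locals in slot order, then `gap` guard bytes, then the return address. */
void layout_frame(struct frame *f, const struct local *vars, size_t n,
                  const size_t *order, size_t gap)
{
    size_t cur = 0;
    f->n = n; f->vars = vars; f->gap = gap;
    memcpy(f->order, order, n * sizeof *order);
    for (size_t k = 0; k < n; k++) { f->off[order[k]] = cur; cur += vars[order[k]].size; }
    f->ret_off = cur + gap;
}

/* Name of the first thing a write of `extra` bytes past local `victim` lands on. */
const char *first_clobbered(const struct frame *f, size_t victim, size_t extra)
{
    size_t end = f->off[victim] + f->vars[victim].size;   /* first byte past the buffer */
    if (extra == 0) return NULL;
    for (size_t k = 0; k < f->n; k++)
        if (f->off[f->order[k]] == end) return f->vars[f->order[k]].name;
    return end < f->ret_off ? "guard gap" : "return address";
}

/* Does the overrun touch the saved return address at all? */
int reaches_return(const struct frame *f, size_t victim, size_t extra)
{
    return f->off[victim] + f->vars[victim].size + extra > f->ret_off;
}

/* Constructed sample frame: a 16-byte buffer and two ints. */
static const struct local sample[] = { {"buf", 16}, {"i", 4}, {"ok", 4} };
static const size_t declared[]   = {0, 1, 2};   /* buf lowest, ok on top */
static const size_t buf_on_top[] = {2, 1, 0};   /* one layout the shuffle may pick */

/* What `extra` bytes written past buf hit, for a given slot order and guard gap. */
const char *buf_overrun_hits(const size_t *order, size_t gap, size_t extra)
{
    struct frame f;
    layout_frame(&f, sample, 3, order, gap);
    return first_clobbered(&f, 0, extra);
}

int buf_overrun_reaches_return(const size_t *order, size_t gap, size_t extra)
{
    struct frame f;
    layout_frame(&f, sample, 3, order, gap);
    return reaches_return(&f, 0, extra);
}

/* Sanity check: the shuffle must yield a permutation of 0..n-1. */
int shuffle_is_permutation(uint32_t seed, size_t n)
{
    size_t order[MAX_VARS]; int seen[MAX_VARS] = {0};
    if (n > MAX_VARS) return 0;
    shuffle_order(order, n, seed);
    for (size_t k = 0; k < n; k++) {
        if (order[k] >= n || seen[order[k]]) return 0;
        seen[order[k]] = 1;
    }
    return 1;
}

int main(void)
{
    printf("declared order, 1 byte past buf hits: %s\n", buf_overrun_hits(declared, 0, 1));
    printf("buf on top, no gap:  %s\n", buf_overrun_hits(buf_on_top, 0, 1));
    printf("buf on top, %d-byte gap: %s\n", PTR_SIZE, buf_overrun_hits(buf_on_top, PTR_SIZE, 1));
    printf("seed 1 gives a permutation: %d\n", shuffle_is_permutation(1, 3));
    return 0;
}
```

In the declared layout the one-byte overrun of `buf` only dents `i`, which is why such a bug can sit unnoticed for years; once the shuffle puts `buf` in the top slot the same write reaches the return address, and the program crashes or misbehaves where it used to work. With the pointer-sized gap in place, an off-by-one (or anything up to PTR_SIZE bytes) from the top local lands in the gap and the return address survives; a longer overrun still reaches it, which is the "subcategory" the guard is meant for and the full stack protector is not replaced by.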
Thanks, Martynas, for the great work! Now to recompile tetris(6) for extra-secure network tests...



Comments
  1. By Steven Oliver (12.4.226.26) oliver.steven@gmail.com on https://blog-steveno.rhcloud.com

    A quick Google doesn't return any obvious hits for this feature upstream. Are patches like this generally pushed upstream?

    Comments
    1. By Janne Johansson (jj) on http://www.inet6.se

      > A quick Google doesn't return any obvious hits for this feature upstream. Are patches like this generally pushed upstream?

      Upstream doesn't like patches against gcc 4.2.1; they have moved further along under a new GPL license.

  2. By Anonymous Coward (66.223.169.228) on

    It's great to see features like this, and it's great to see more frequent Undeadly posts! 2014 seems to be shaping up to be a great year for OpenBSD.

  3. By Anonymous Coward (24.113.147.35) on

    Is there still motivation to get off of gcc, to pursue a BSD licensed compiler? clang, pcc, something else? These gcc modifications seem to be a dead-end due to the GPL license issues.

    Comments
    1. By Anonymous Coward (79.238.0.191) on

      > Is there still motivation to get off of gcc, to pursue a BSD licensed compiler? clang, pcc, something else? These gcc modifications seem to be a dead-end due to the GPL license issues.

      Miod gave a lengthy answer to this last year:

      http://marc.info/?l=openbsd-misc&m=137530560232232&w=2

  4. By Anonymous Coward (183.179.14.210) on

    Are those new features (fstack-shuffle...) turned on by default?

  5. By Anonymous Coward (2.242.179.49) on

    Will this new feature cover all stack overwriting bugs, or a subcategory thereof?

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]