CompilerFlags

Differences between revisions 2 and 5 (spanning 3 versions)
Revision 2 as of 2008-05-02 21:25:44 (size 2479, editor c-76-105-157-155, comment: tweaks)
Revision 5 as of 2008-05-02 21:49:29 (size 3371, editor c-76-105-157-155, no comment)
This page documents the Ubuntu-specific default compiler flags in the toolchain. Based on the work from GccSsp, [:Security/HardeningWrapper], and DistCompiler. Please attempt to fix a source package's problems before disabling a given compiler feature.

-fstack-protector

First enabled in Ubuntu 6.10. See GccSsp for further details. Most problems are related to packages that do not use stdlib directly (kernel modules, certain libraries, etc).

Failure examples:

  • '__stack_chk_fail' symbol not found
    • The object references the stack-protector failure handler, which is normally provided by libc, but is not linked against it (typically a kernel module or something built with -nostdlib).
  • *** stack smashing detected ***
    Aborted
    • A function did not correctly maintain its stack variables: the canary placed after the local buffers was overwritten before the function returned. Usually indicates a stack buffer overflow.

Disabled with -fno-stack-protector or -nostdlib in CPPFLAGS.
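An added example, not taken from this page or from the Ubuntu toolchain: the pattern that trips the stack protector next to a bounded replacement that reports oversized input instead of overflowing. The function names, the 16-byte buffer and the default input are this example's own choices.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: unbounded copy into a fixed-size stack buffer. Built with
 * -fstack-protector (Ubuntu's default), a long src overwrites whatever
 * follows name[] on the stack, including the canary, and the process is
 * aborted on return from this function with
 * "*** stack smashing detected ***" instead of running on corrupted state. */
void greet_unsafe(const char *src)
{
    char name[16];
    strcpy(name, src);                  /* no length check at all */
    printf("hello, %s\n", name);
}

/* AFTER: the copy is bounded by the destination size. Returns 0 when src
 * fit, -1 when it would have been truncated, so the caller can reject
 * oversized input rather than silently use a cut-off name. */
int greet_safe(const char *src, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%s", src);   /* always NUL-terminates */
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

/* Stand-alone demo. Built with -fstack-protector and run as
 *   ./a.out "$(printf 'A%.0s' $(seq 64))"
 * greet_safe reports the overlong name, then greet_unsafe aborts. */
int main(int argc, char **argv)
{
    const char *input = argc > 1 ? argv[1] : "alice";   /* constructed default */
    char name[16];

    if (greet_safe(input, name, sizeof name) == 0)
        printf("safe: hello, %s\n", name);
    else
        printf("safe: name too long (limit %zu bytes)\n", sizeof name - 1);

    greet_unsafe(input);
    return 0;
}
```

The canary only turns a silent overflow into an abort; the real fix is the bounded copy, and the return value is what lets the caller treat an overlong name as an error.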

-D_FORTIFY_SOURCE=2

First enabled in Ubuntu 8.10. See [:Security/FortifySource] for further details. The checks live in glibc's headers and only take effect when optimisation is enabled (-O1 or higher); a plain -O0 build silently gets none of them. Most problems are related to common unsafe uses of certain libc functions.

Failure examples:

  • error: ignoring return value of 'int system(const char*)', declared with attribute warn_unused_result
    • The return value from system() (and from the other functions glibc marks warn_unused_result under FORTIFY_SOURCE, such as read() and write()) should be checked and handled appropriately.
  • error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
    • When using open() with O_CREAT, a mode argument is required. Without it the new file's permissions come from whatever happens to be in the missing variadic argument.
  • warning: call to ‘__read_chk_warn’ declared with attribute warning: read called with bigger length than size of the destination buffer
    • The call to read() was done into a buffer with the wrong size. Double-check the size argument and the buffer size.
  • warning: passing argument 1 of 'memcpy' discards qualifiers from pointer target type
    warning: passing argument 1 of 'strcpy' discards qualifiers from pointer target type
    • Code compiled with -Werror that passes a qualified (const or volatile) pointer as the destination of memcpy/strcpy/etc. fails to build. Earlier revisions of this page attributed this to a bug in glibc 2.7 (see https://launchpad.net/bugs/217481).
  • *** %n in writable segment detected ***
    Aborted
    • With _FORTIFY_SOURCE=2, "%n" is only honoured when the format string lives in read-only memory. A "%n" in a stack- or heap-allocated format string almost always means untrusted data reached the format argument; fix the format handling rather than relaxing the check.
  • *** buffer overflow detected ***
    Aborted
    • A call to sprintf should be changed to use snprintf, or a too-small buffer was read into (see the read() warning above).

Reduced checking via -D_FORTIFY_SOURCE=1 in CPPFLAGS. Disabled with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0 in CPPFLAGS.
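An added example that is not part of this page or of Ubuntu's toolchain: each FORTIFY_SOURCE complaint listed above, shown as the call that triggers it beside the call that avoids it. Function names, buffer sizes and the sample input are this example's own; `gcc -O2 -D_FORTIFY_SOURCE=2` shows the compile-time `__read_chk_warn` warning for `read_record_unsafe`, and the corrected functions are exercised through a pipe so the block runs on its own.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample input for the self-test (not from the page). */
static const char SAMPLE_INPUT[] = "user=alice;session=0123456789abcdef";

/* BEFORE: read() is asked for more bytes than the destination holds.
 * sizeof(buf) is a compile-time constant, so -O2 -D_FORTIFY_SOURCE=2
 * reports "read called with bigger length than size of the destination
 * buffer" at build time; with a non-constant length it aborts at run time
 * instead ("*** buffer overflow detected ***"). */
ssize_t read_record_unsafe(int fd)
{
    char buf[32];
    return read(fd, buf, 128);          /* 128 > sizeof buf */
}

/* AFTER: the length is derived from the buffer, leaving room for a NUL,
 * and the (warn_unused_result) return value of read() is checked. */
ssize_t read_record(int fd, char *buf, size_t buflen)
{
    if (buflen == 0)
        return -1;
    ssize_t n = read(fd, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Self-test helper: feed SAMPLE_INPUT through a pipe into read_record. */
ssize_t read_sample_record(char *buf, size_t buflen)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    ssize_t w = write(fds[1], SAMPLE_INPUT, sizeof SAMPLE_INPUT - 1);
    close(fds[1]);
    ssize_t n = (w < 0) ? -1 : read_record(fds[0], buf, buflen);
    close(fds[0]);
    return n;
}

/* BEFORE: sprintf into a fixed buffer. The fortified sprintf knows
 * sizeof(out) and aborts with "*** buffer overflow detected ***" instead
 * of smashing the stack when user is too long; without fortify it is a
 * plain stack overflow. */
void format_record_unsafe(const char *user)
{
    char out[32];
    sprintf(out, "user=%s", user);
    puts(out);
}

/* AFTER: snprintf with the real size; truncation is reported, not hidden.
 * Returns the formatted length, or -1 if the result did not fit. */
int format_record(char *out, size_t outlen, const char *user)
{
    int n = snprintf(out, outlen, "user=%s", user);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* open() with O_CREAT needs the mode argument: without it the fortified
 * header fails the build (__open_missing_mode) because the permissions
 * would otherwise be read from a variadic argument that was never passed.
 * O_EXCL additionally refuses to follow a pre-planted file or symlink. */
int create_private_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* system() is declared warn_unused_result: inspect the status. Returns the
 * child's exit code, or -1 if the shell could not be run or was killed. */
int run_checked(const char *cmd)
{
    int st = system(cmd);
    if (st == -1 || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}
```

The unsafe variants are kept only as the shape of the code the warnings point at; nothing in the self-test calls them.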

-Wformat -Wformat-security

First enabled in Ubuntu 8.10. These options should only cause build failures if the package is compiling with -Werror.

Failure examples:

  • warning: format not a string literal and no format arguments
    • This is caused by code that passes a variable as the format string of a *printf function instead of passing it as the argument of "%s". The compiler cannot check such a format, and if the variable is attacker-controlled every % directive in it is interpreted (a format-string vulnerability). For example:
      fprintf(stderr,buf);
      should be:
      fprintf(stderr,"%s",buf);

Disabled with -Wno-format-security or -Wformat=0 in CPPFLAGS.
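An added example, not from this page: the non-literal format that -Wformat-security warns about, the "%s" form that fixes it, and a variadic wrapper annotated with GCC's format attribute so that the same warning reaches callers of project-local logging helpers, where this bug usually hides. Function names and the sample message are this example's own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* BEFORE: the message itself is the format string. With
 * -Wformat -Wformat-security gcc reports
 *   warning: format not a string literal and no format arguments
 * Any % directive in msg is interpreted: "%x" reads stack words,
 * "%n" writes to memory. The self-test only uses "%%" (no arguments
 * consumed) so the behaviour difference is visible without undefined
 * behaviour. Returns the length snprintf reports. */
int render_unsafe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, msg);
}

/* AFTER: the format is a literal and msg is plain data. */
int render_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* A project-local wrapper. Without the attribute, gcc cannot see through
 * the va_list and render_fmt(out, n, buf) would escape -Wformat-security;
 * with it, callers are checked exactly like direct printf calls. */
__attribute__((format(printf, 3, 4)))
int render_fmt(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    /* Constructed message that contains a format directive. */
    const char *msg = "rate=50%%";
    char buf[32];

    render_unsafe(buf, sizeof buf, msg);
    printf("unsafe: %s\n", buf);        /* directive was interpreted */
    render_safe(buf, sizeof buf, msg);
    printf("safe:   %s\n", buf);        /* message reproduced verbatim */
    render_fmt(buf, sizeof buf, "%s=%d", "rate", 50);
    printf("fmt:    %s\n", buf);
    return 0;
}
```

Compiling this with -Wformat -Wformat-security flags render_unsafe; adding -Werror, as some packages do, turns that into the build failure the section describes.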

-Wl,-z,relro

First enabled in Ubuntu 8.10. With -z relro the dynamic loader remaps the parts of the data segment that are only written during relocation (.dynamic, .init_array/.fini_array and the non-PLT part of the GOT) read-only once relocation is done, so a memory-corruption bug can no longer redirect them. The PLT part of the GOT stays writable for lazy binding; this option paves the way for using -z now, which resolves every symbol at load time so the whole GOT can be protected, to further harden long-running programs like daemons.

No known failure examples.

Disabled with -Wl,-z,norelro in LDFLAGS.
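An added self-check that is not part of this page or of the toolchain: a program that inspects its own program headers and dynamic section to report whether it was linked with -z relro (a PT_GNU_RELRO segment) and -z now (DT_BIND_NOW, or the DF_BIND_NOW / DF_1_NOW flag). It uses glibc's dl_iterate_phdr; the struct and function names are this example's own. The equivalent manual checks are `readelf -l ./a.out | grep RELRO` and `readelf -d ./a.out | grep -E 'BIND_NOW|FLAGS'`.

```c
#define _GNU_SOURCE
#include <elf.h>
#include <link.h>
#include <stdio.h>
#include <string.h>

/* What the running executable's own ELF metadata says about RELRO. */
struct relro_info {
    int has_relro;            /* PT_GNU_RELRO segment present (-z relro) */
    unsigned long relro_len;  /* bytes remapped read-only after relocation */
    int bind_now;             /* DT_BIND_NOW / DF_BIND_NOW / DF_1_NOW (-z now) */
};

/* dl_iterate_phdr callback; the first object reported is the executable. */
static int inspect_object(struct dl_phdr_info *info, size_t size, void *data)
{
    struct relro_info *ri = data;
    (void)size;
    for (int i = 0; i < info->dlpi_phnum; i++) {
        const ElfW(Phdr) *ph = &info->dlpi_phdr[i];
        if (ph->p_type == PT_GNU_RELRO) {
            ri->has_relro = 1;
            ri->relro_len = (unsigned long)ph->p_memsz;
        } else if (ph->p_type == PT_DYNAMIC) {
            /* Walk the dynamic section looking for the BIND_NOW markers. */
            const ElfW(Dyn) *dyn =
                (const ElfW(Dyn) *)(info->dlpi_addr + ph->p_vaddr);
            for (; dyn->d_tag != DT_NULL; dyn++) {
                if (dyn->d_tag == DT_BIND_NOW ||
                    (dyn->d_tag == DT_FLAGS && (dyn->d_un.d_val & DF_BIND_NOW)) ||
                    (dyn->d_tag == DT_FLAGS_1 && (dyn->d_un.d_val & DF_1_NOW)))
                    ri->bind_now = 1;
            }
        }
    }
    return 1;   /* non-zero stops the walk: only the main executable is inspected */
}

struct relro_info check_self_relro(void)
{
    struct relro_info ri = {0, 0, 0};
    dl_iterate_phdr(inspect_object, &ri);
    return ri;
}

/* "none", "partial" (-z relro only) or "full" (-z relro -z now). */
const char *relro_level(const struct relro_info *ri)
{
    if (!ri->has_relro)
        return "none";
    return ri->bind_now ? "full" : "partial";
}

int main(void)
{
    struct relro_info ri = check_self_relro();
    printf("RELRO: %s (%lu bytes protected after relocation)\n",
           relro_level(&ri), ri.relro_len);
    return 0;
}
```

On Ubuntu's default link this prints "partial"; relinking with -Wl,-z,relro -Wl,-z,now prints "full", and -Wl,-z,norelro prints "none", which is the quick way to confirm a package's build flags actually reached the linker.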

ToolChain/CompilerFlags (last edited 2024-03-22 22:52:13 by eslerm)