r2242 - trunk/gcc

robert at linuxfromscratch.org robert at linuxfromscratch.org
Mon Nov 15 21:35:53 PST 2010


Author: robert
Date: 2010-11-15 22:35:49 -0700 (Mon, 15 Nov 2010)
New Revision: 2242

Added:
   trunk/gcc/gcc-4.5.1-fstack_protector-1.patch
Log:
Added gcc-4.5.1-fstack_protector-1.patch

Added: trunk/gcc/gcc-4.5.1-fstack_protector-1.patch
===================================================================
--- trunk/gcc/gcc-4.5.1-fstack_protector-1.patch	                        (rev 0)
+++ trunk/gcc/gcc-4.5.1-fstack_protector-1.patch	2010-11-16 05:35:49 UTC (rev 2242)
@@ -0,0 +1,69 @@
+Submitted By: Robert Connolly (robert at linuxfromscratch dot org)
+Date: 2010-11-07
+Initial Package Version: 4.5.1
+Upstream Status: Not submitted - Hack
+Origin: ALT Linux
+Description: This patch adds "-fstack-protector-all --param=ssp-buffer-size=4"
+to GCC's default options.
+
+Disable "-fstack-protector-all" with "-fno-stack-protector".
+
+See: http://en.wikipedia.org/wiki/Stack-smashing_protection
+     http://www.trl.ibm.com/projects/security/ssp/
+
+diff -Naur gcc-4.5.1.orig/gcc/Makefile.in gcc-4.5.1/gcc/Makefile.in
+--- gcc-4.5.1.orig/gcc/Makefile.in	2010-06-30 13:26:17.000000000 +0000
++++ gcc-4.5.1/gcc/Makefile.in	2010-11-08 01:26:44.052649763 +0000
+@@ -644,7 +644,7 @@
+ #
+ LIBGCC2_DEBUG_CFLAGS = -g
+ LIBGCC2_CFLAGS = -O2 $(LIBGCC2_INCLUDES) $(GCC_CFLAGS) $(TARGET_LIBGCC2_CFLAGS) \
+-		 $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) \
++		 $(LIBGCC2_DEBUG_CFLAGS) $(GTHREAD_FLAGS) -fno-stack-protector \
+ 		 -DIN_LIBGCC2 -D__GCC_FLOAT_NOT_NEEDED \
+ 		 $(INHIBIT_LIBC_CFLAGS)
+ 
+@@ -657,7 +657,7 @@
+ 
+ # Options to use when compiling crtbegin/end.
+ CRTSTUFF_CFLAGS = -O2 $(GCC_CFLAGS) $(INCLUDES) $(MULTILIB_CFLAGS) -g0 \
+-  -finhibit-size-directive -fno-inline -fno-exceptions \
++  -finhibit-size-directive -fno-inline -fno-exceptions -fno-stack-protector \
+   -fno-zero-initialized-in-bss -fno-toplevel-reorder -fno-tree-vectorize \
+   $(INHIBIT_LIBC_CFLAGS)
+ 
+diff -Naur gcc-4.5.1.orig/gcc/doc/invoke.texi gcc-4.5.1/gcc/doc/invoke.texi
+--- gcc-4.5.1.orig/gcc/doc/invoke.texi	2010-04-06 14:02:22.000000000 +0000
++++ gcc-4.5.1/gcc/doc/invoke.texi	2010-11-08 01:26:10.357649113 +0000
+@@ -7848,7 +7848,7 @@
+ Emit extra code to check for buffer overflows, such as stack smashing
+ attacks.  This is done by adding a guard variable to functions with
+ vulnerable objects.  This includes functions that call alloca, and
+-functions with buffers larger than 8 bytes.  The guards are initialized
++functions with buffers larger than 4 bytes.  The guards are initialized
+ when a function is entered and then checked when the function exits.
+ If a guard check fails, an error message is printed and the program exits.
+ 
+diff -Naur gcc-4.5.1.orig/gcc/gcc.c gcc-4.5.1/gcc/gcc.c
+--- gcc-4.5.1.orig/gcc/gcc.c	2010-04-18 17:46:08.000000000 +0000
++++ gcc-4.5.1/gcc/gcc.c	2010-11-08 01:26:10.375648953 +0000
+@@ -905,6 +905,7 @@
+  %{!fsyntax-only:%{S:%W{o*}%{!o*:-o %b.s}}}\
+  %{fsyntax-only:-o %j} %{-param*}\
+  %{fmudflap|fmudflapth:-fno-builtin -fno-merge-constants}\
++ %{!fno-stack-protector:%{!nostdlib:-fstack-protector-all}}\
+  %{coverage:-fprofile-arcs -ftest-coverage}";
+ 
+ static const char *asm_options =
+diff -Naur gcc-4.5.1.orig/gcc/params.def gcc-4.5.1/gcc/params.def
+--- gcc-4.5.1.orig/gcc/params.def	2010-04-02 19:54:46.000000000 +0000
++++ gcc-4.5.1/gcc/params.def	2010-11-08 01:26:10.391649209 +0000
+@@ -616,7 +616,7 @@
+ DEFPARAM (PARAM_SSP_BUFFER_SIZE,
+ 	  "ssp-buffer-size",
+ 	  "The lower bound for a buffer to be considered for stack smashing protection",
+-	  8, 1, 0)
++	  4, 1, 0)
+ 
+ /* When we thread through a block we have to make copies of the
+    statements within the block.  Clearly for large blocks the code




More information about the patches mailing list