gcc: some reword of PIE/SSP/ASLR note

Expand tabs to 8 spaces like everywhere else in the book.

Explain that shared libraries are already covered by ASLR; PIE expands
the ASLR to cover the executables.

In 2022, stack smashing attacks are mostly constructing a sequence of
faked return addresses to execute a series of functions already
existing in the program or libraries themselves (ret2lib).  Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.
Xi Ruoyao 2022-09-11 11:35:06 +08:00
parent 8d3b2541da
commit e502de1ab0
GPG Key ID: ACAAD20E19E710E3
2 changed files with 15 additions and 12 deletions


@ -140,10 +140,10 @@ cd build</userinput></screen>
<listitem> <listitem>
<para>Those switches allow GCC to compile programs with <para>Those switches allow GCC to compile programs with
some hardening security features (more information on those in some hardening security features (more information on those in
the <xref linkend="pie-ssp-info"/> in chapter 8). They are not the <xref linkend="pie-ssp-info"/> in chapter 8) by default. The
strictly needed at this stage, since the compiler will only produce are not strictly needed at this stage, since the compiler will
temporary executables. But it is cleaner to have the temporary only produce temporary executables. But it is cleaner to have the
packages be as close as possible to the final ones. temporary packages be as close as possible to the final ones.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
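Review bot: the new wording has a typo in the sentence that was split across lines: "by default. The are not strictly needed at this stage" should read "by default. They are not strictly needed at this stage". Otherwise the added "by default" is a useful clarification, since the switches change the compiler's defaults rather than the behaviour of a single build.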


@ -108,18 +108,21 @@ cd build</userinput></screen>
<note id="pie-ssp-info" xreflabel="note on PIE and SSP"> <note id="pie-ssp-info" xreflabel="note on PIE and SSP">
<para> <para>
PIE (position independent executable) is a technique to produce PIE (position-independent executable) is a technique to produce
binary programs that can be loaded anywhere in memory. Together binary programs that can be loaded anywhere in memory. Without PIE,
with a feature named ASLR (Address Space Layout Randomization), the security feature named ASLR (Address Space Layout Randomization)
this allows programs to never have the same memory layout, can be applied for the shared libraries, but not the exectutable
thus defeating attacks based on reproducible memory patterns. itself. Enabling PIE allows ASLR for the executables in addition to
the shared libraries, and mitigates some attacks based on fixed
addresses of sensitive code or data in the executables.
</para> </para>
<para> <para>
SSP (Stack Smashing Protection) is a technique to ensure SSP (Stack Smashing Protection) is a technique to ensure
that the parameter stack is not corrupted. Stack corruption can that the parameter stack is not corrupted. Stack corruption can
for example alter the return address of a subroutine, for example alter the return address of a subroutine,
which would allow transferring control to an attacker program instead which would allow transferring control to some dangerous code
of the original one. (existing in the program or shared libraries, or injected by the
attacker somehow) instead of the original one.
</para> </para>
</note> </note>
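Review bot: the new PIE paragraph misspells "executable": "can be applied for the shared libraries, but not the exectutable itself" should read "can be applied to the shared libraries, but not the executable itself" ("applied to" also reads more naturally than "applied for"). The reworded SSP paragraph, which now names code "existing in the program or shared libraries" as the likely target of a corrupted return address, matches the reasoning in the commit message and reads well.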