stackoom
  简体   繁体   中英

How to add Stack Canaries to Rust executables?

 原文  2018-01-31 16:56:05       rust/ llvm

Question

I'm trying to harden some executables in a project I'm working on. To test, I'm using a hello world program, and checking it with checksec , which reports that there are no canaries. I'm very new to Rust, and the lack of information on Google makes me feel I'm missing something obvious.

With GCC, it's a simple compiler flag: -fstack-protector-all . The closest thing I've found for LLVM is safe stack . However, that doesn't seem to be recognized by the Rust compiler when I try to pass it through to LLVM. For example: 

rustc -C llvm-args="-fsanitize=safe-stack" -C link-arg="-fsanitize=safe-stack" test.rust

Results in

rustc: Unknown command line argument '-fsanitize=safe-stack'. Try: 'rustc -help' rustc: Did you mean '-spp-no-call'?

I'm using Rust 1.23.0. I'm trying to add these canaries not just on x86_64, but also on armeabi-v7a, in case that's relevant.

2 answers

solution1
 6  2018-01-31 18:34:27

Currently, this isn't supported:

We updated LLVM so there's support for this [safe stack attribute] in our LLVM, and I think that turning this on by default probably wants some investigation and likely an RFC first, so I'm going to close this for now.

-- alexcrichton https://github.com/rust-lang/rust/issues/26612

I'm not able to find an RFC for this feature.

solution2
 6 ACCPTED  2018-01-31 18:34:40

You cannot use LLVM's SafeStack right now.

-fsanitize=safe-stack is a Clang command line option, not necessarily an LLVM one. This likely explains why you get the error you do.

SafeStack support was originally brought up in issue 26612 , but enabling it was deferred until more investigation could be performed.

Since SafeStack is a sanitizer, the next thing to follow would be issue 39699 , the tracking issue for more sanitizers. Only a few sanitizers and platforms are currently supported. It might be as "simple" as adding it to a list and creating a PR to enable it.

That being said, I believe Rust does have some amount of stack protection. For example, this recent issue talks about how some upcoming changes to glibc are going to affect Rust's stack guard calculations.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why are Rust executables so huge? How to implement a mutable cactus stack in Rust? How to increase the stack size available to a Rust library? How to place a C struct on the function stack in Rust? How does Rust model iterators? Stack or Heap? How to measure a functions stack usage in Rust? How to correctly represent a stack based language in Rust? rust how is String Pointer allocated on stack? How does Rust move stack variables that are not Copyable? Why does the Rust compiler generate huge executables?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM