1

I'm trying to set option -fstack-protector-all in GCC 3.4.3 compiler for enabling some stack smashing protection scenarios. However when compiling with this i got
error: unrecognized command line option "-fstack-protector-all" . So seems this option isn't implemented in GCC 3.4.3 ?? or Am I missing something ?

If it is not implemented in older GCC compiler what is the best / easiest alternative to this ?

Or maybe some useful code pattern to implement stack-smashing protector in C code itself ?

Thanks

Charles
  • 50,943
  • 13
  • 104
  • 142
Agnius Vasiliauskas
  • 10,935
  • 5
  • 50
  • 70

1 Answers1

0

You seem to be only one minor version off a gcc version that seems to be able to provide you with this particular smash protection. I found this when googling:

http://www.research.ibm.com/trl/projects/security/ssp/

Maybe you could upgrade to that one (one minor number up) and still be compatible with your vendor?

Additionally, as at least for a number of years canary values are default set in gcc (no need to use the option you mention), have you looked at the disassembly of a simple program? If you see some storing/loading from a (gs) location near end of stack, it's already implemented.

gnometorule
  • 2,151
  • 2
  • 20
  • 29
  • Oups. That's how it's implemented in x86 Linux. But you probably would have a similar copying to and fro a protected memory region in ARM as well. – gnometorule Dec 14 '11 at 13:02
  • About default smashing protection setting - it is enabled by default on _SOME_ systems, but not for all. For example - SSP is disabled in Linux Mint. – Agnius Vasiliauskas Dec 14 '11 at 19:51