Useful GCC flags to improve security of your programs?

Question

By pure chance I stumbled over an article mentioning you can "enable" ASLR with -pie -fPIE (or, rather, make your application ASLR-aware). -fstack-protector is also commonly recommended (though I rarely see explanations how and against which kinds of attacks it protects).

Is there a list of useful options and explanations how they increase the security?

...

And how useful are such measures anyway, when your application uses about 30 libraries that use none of those? ;)

Recommended answer

As for your final question:

And how useful are such measures anyway, when your application uses about 30 libraries that use none of those? ;)

PIE is only necessary for the main program to be able to be loaded at a random address. ASLR always works for shared libraries, so the benefit of PIE is the same whether you're using one shared library or 100.

Stack protector will only benefit the code that's compiled with stack protector, so using it just in your main program will not help if your libraries are full of vulnerabilities.

In any case, I would encourage you not to consider these options part of your application, but instead part of the whole system integration. If you're using 30+ libraries (probably most of which are junk when it comes to code quality and security) in a program that will be interfacing with untrusted, potentially-malicious data, it would be a good idea to build your whole system with stack protector and other security hardening options.

Do keep in mind, however, that the highest levels of _FORTIFY_SOURCE and perhaps some other new security options break valid things that legitimate, correct programs may need to do, and thus you may need to analyze whether it's safe to use them. One known-dangerous thing that one of the options does (I forget which) is making it so the %n specifier to printf does not work, at least in certain cases. If an application is using %n to get an offset into a generated string and needs to use that offset to later write in it, and the value isn't filled in, that's a potential vulnerability in itself...
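
One way to check, per file, the properties the answer distinguishes (position-independent image, stack protector, fortified libc calls) across a main program and its libraries. This is an added example, not part of the original answer; `audit_elf`, `_sample` and the two sample images are names and data constructed here, and the symbol checks are heuristics.

```python
import re
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
# Fortified libc wrappers appear in the string table as __<func>_chk (e.g. __memcpy_chk).
FORTIFY_RE = re.compile(rb"(?<=\x00)__([a-z0-9_]+)_chk(?=\x00)")


def audit_elf(data: bytes) -> dict:
    """Heuristic hardening report for one ELF image (executable or shared library)."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[5] gives the byte order; e_type is the 16-bit field right after e_ident.
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        # ET_DYN covers shared libraries and PIE executables; ET_EXEC loads at a fixed address.
        "pie_or_shared": e_type == ET_DYN,
        # Functions protected by -fstack-protector call __stack_chk_fail. Absence is not
        # proof the flag was missing: code without protected functions never references it.
        "stack_protector": b"\x00__stack_chk_fail\x00" in data,
        # Names of libc calls that _FORTIFY_SOURCE redirected to checked variants.
        "fortified_calls": sorted({m.decode() for m in FORTIFY_RE.findall(data)}),
    }


def _sample(e_type: int, strings: bytes) -> bytes:
    """Constructed stand-in for a file: 64-bit little-endian ELF header plus a string table."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    return ident + struct.pack("<H", e_type) + b"\x00" * 46 + strings


# Constructed samples: a hardened shared library and a fixed-address main program.
HARDENED_LIB = _sample(ET_DYN, b"\x00memcpy\x00__stack_chk_fail\x00__memcpy_chk\x00__sprintf_chk\x00")
LEGACY_MAIN = _sample(ET_EXEC, b"\x00strcpy\x00printf\x00")

if __name__ == "__main__":
    if sys.argv[1:]:
        # Real use: pass the main binary and every library it loads.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, audit_elf(fh.read()))
    else:
        print("hardened lib:", audit_elf(HARDENED_LIB))
        print("legacy main: ", audit_elf(LEGACY_MAIN))
```

Run it over the executable and each library it links against; a library reporting no stack protector is one the main program's own flags do not cover.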
