When and how to use GCC's stack protection feature?


Question

I have enabled the -Wstack-protector warning when compiling the project I'm working on (a commercial multi-platform C++ game engine, compiling on Mac OS X 10.6 with GCC 4.2). This flag warns about functions that will not be protected against stack smashing even though -fstack-protector is enabled. GCC emits some warnings when building the project:


not protecting function: no buffer at least 8 bytes long
not protecting local variables: variable length buffer

For the first warning, I found that it is possible to adjust the minimum size a buffer must have when used in a function, for this function to be protected against stack smashing: --param ssp-buffer-size=X can be used, where X is 8 by default and can be as low as 1.

For the second warning, I can't suppress its occurrences unless I stop using -Wstack-protector.


  1. When should -fstack-protector be used? (as in, for instance, all the time during dev, or just when tracking bugs down?)
  2. When should -fstack-protector-all be used?
  3. What is -Wstack-protector telling me? Is it suggesting that I decrease the buffer minimum size?
  4. If so, are there any downsides to putting the size to 1?
  5. It appears that -Wstack-protector is not the kind of flag you want enabled at all times if you want a warning-free build. Is this right?


Recommended answer

Stack-protection is a hardening strategy, not a debugging strategy. If your game is network-aware or otherwise has data coming from an uncontrolled source, turn it on. If it doesn't have data coming from somewhere uncontrolled, don't turn it on.

Here's how it plays out: If you have a bug and make a buffer change based on something an attacker can control, that attacker can overwrite the return address or similar portions of the stack to cause it to execute their code instead of your code. Stack protection will abort your program if it detects this happening. Your users won't be happy, but they won't be hacked either. This isn't the sort of hacking that is about cheating in the game, it's the sort of hacking that is about someone using a vulnerability in your code to create an exploit that potentially infects your user.

For debugging-oriented solutions, look at things like mudflap.

For your specific questions:


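  1. Use stack protector if you get data from uncontrolled sources. The answer is probably yes. So use it. Even if you don't have data from uncontrolled sources, you probably will eventually or already do and don't realize it.

  2. Stack protection for all buffers can be used if you want extra protection in exchange for some performance hit. From the gcc 4.4.2 manual: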




-fstack-protector

Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

-fstack-protector-all

Like -fstack-protector except that all functions are protected.




  • The warnings tell you what buffers the stack protection can't protect.
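
The flag behaviour discussed in the question and answer can be checked directly. The script below is an added example, not part of the original post: it compiles three constructed sample functions and reports whether the generated assembly references `__stack_chk_fail` under `-fstack-protector` with the default `ssp-buffer-size=8`, with `ssp-buffer-size=1`, and under `-fstack-protector-all`. It assumes `cc` is a GCC- or Clang-compatible driver; the names `uses_canary`, `row` and `report` are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): report which constructed sample
# functions receive a stack canary under each flag set discussed above.
CC=${CC:-cc}   # assumption: a GCC- or Clang-compatible compiler driver

# Constructed samples: a 4-byte buffer, a 16-byte buffer, and no buffer at all.
SMALL='int f(const char *s){char b[4];int i;for(i=0;i<3&&s[i];i++)b[i]=s[i];b[i]=0;return b[0];}'
LARGE='int f(const char *s){char b[16];int i;for(i=0;i<15&&s[i];i++)b[i]=s[i];b[i]=0;return b[0];}'
NOBUF='int f(int a,int b){return a+b;}'

# uses_canary SRC FLAGS...: succeeds if the assembly generated for SRC
# references __stack_chk_fail, i.e. the function carries a guard check.
uses_canary() {
    _src=$1; shift
    printf '%s\n' "$_src" | "$CC" -O0 -x c -S -o - "$@" - 2>/dev/null |
        grep -q stack_chk_fail
}

# row LABEL SRC: print LABEL followed by yes/no for the three flag sets.
row() {
    _label=$1; _code=$2; _out=$_label
    for _flags in "-fstack-protector --param ssp-buffer-size=8" \
                  "-fstack-protector --param ssp-buffer-size=1" \
                  "-fstack-protector-all"; do
        # $_flags is deliberately unquoted so it splits into separate arguments
        if uses_canary "$_code" $_flags; then _out="$_out yes"; else _out="$_out no"; fi
    done
    echo "$_out"
}

report() {
    echo "function size=8 size=1 all"
    row "4-byte-buffer" "$SMALL"
    row "16-byte-buffer" "$LARGE"
    row "no-buffer" "$NOBUF"
}

# Only run the report when a compiler is actually installed.
if command -v "$CC" >/dev/null 2>&1; then report; fi
```

A "no" in the `size=8` column corresponds to the functions `-Wstack-protector` warns about; lowering `ssp-buffer-size` changes the result only for functions that contain a buffer.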
