Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document stack-protector option #111722

Merged
merged 2 commits into from
May 23, 2023
Merged

Document stack-protector option #111722

merged 2 commits into from
May 23, 2023

Conversation

mrcnski
Copy link
Contributor

@mrcnski mrcnski commented May 18, 2023

Only updated exploit-mitigations.md to reflect that the option exists. Removed the alternatives mentioned as they are not actually implemented yet.

As this is an unstable feature, should it be added to unstable-book also? Example. I didn't do that because I couldn't find the tracking issue for stack-protector. (There should be one to track stabilization of the feature, I think?)

cc @rcvalle

@mrcnski
Document stack-protector option
2151792 
Only updated `exploit-mitigations.md` to reflect that the option exists. Removed the alternatives
mentioned as they are not actually implemented yet.

As this is an unstable feature, should it be added to `unstable-book` also? I didn't do that because
I couldn't find the tracking issue for it. (There should be one to track stabilization of the
feature.)
@rustbot
Copy link
Collaborator

rustbot commented May 18, 2023

r? @JohnTitor

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label May 18, 2023
@rcvalle
Copy link
Member

rcvalle commented May 19, 2023

Here is an updated "Fig. 14. IDA Pro listing cross references to __stack_chk_fail in hello-rust." (i.e., image3.png) for you to update:

image3

@rcvalle
Copy link
Member

rcvalle commented May 19, 2023

I also suggest changing

To check if stack smashing protection is enabled for a given binary, search
for cross references to `__stack_chk_fail`. The only cross references to
`__stack_chk_fail` in hello-rust are from the statically-linked libbacktrace
library (see Fig. 14).

to

To check if stack smashing protection is enabled for a given binary, search
for cross references to `__stack_chk_fail` (see Fig. 14).

@JohnTitor
Copy link
Member

r? rcvalle

@rustbot rustbot assigned rcvalle and unassigned JohnTitor May 19, 2023
@rcvalle rcvalle added the PG-exploit-mitigations Project group: Exploit mitigations label May 19, 2023
@rcvalle rcvalle linked an issue May 19, 2023 that may be closed by this pull request
Document stack smashing protection #93052
Closed
@mrcnski
Copy link
Contributor Author

mrcnski commented May 19, 2023
edited
Loading

Thanks for the review @rcvalle! Will make the changes, I just want to make sure I understand them correctly: does the presence of cross-references to __stack_chk_fail in the binary mean that stack-protector is turned on? If so, is it expected that the number of cross-references went down since the feature was implemented? (15 -> 1)

@rcvalle
Copy link
Member

rcvalle commented May 19, 2023
edited
Loading

Thanks for the review @rcvalle! Will make the changes, I just want to make sure I understand them correctly: does the presence of cross-references to __stack_chk_fail in the binary mean that stack-protector is turned on?

Yes, the presence of cross-references to __stack_chk_fail from Rust-compiled code (e.g., hello_rust::main) indicates that the stack smashing protection is enabled.

If so, is it expected that the number of cross-references went down since the feature was implemented? (15 -> 1)
The only cross references to

Note that previously there were no cross-references to __stack_chk_fail from Rust-compiled code. The only cross references to __stack_chk_fail were from the statically-linked libbacktrace library (i.e., non Rust-compiled code).

@mrcnski
Copy link
Contributor Author

mrcnski commented May 21, 2023

Done!

@rcvalle
Copy link
Member

rcvalle commented May 22, 2023

Thank you for your time and for working on this, @mrcnski! Much appreciated.

@rcvalle
Copy link
Member

rcvalle commented May 22, 2023

@bors r+

@bors
Copy link
Contributor

bors commented May 22, 2023

@rcvalle: 🔑 Insufficient privileges: Not in reviewers

@cuviper
Copy link
Member

cuviper commented May 22, 2023

@bors r=rcvalle

@bors
Copy link
Contributor

bors commented May 22, 2023

📌 Commit a4d6d9a has been approved by rcvalle

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 22, 2023
@matthiaskrgr matthiaskrgr mentioned this pull request May 23, 2023
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request May 23, 2023
@bors
Auto merge of rust-lang#111882 - matthiaskrgr:rollup-1xyv5mq, r=matth…
d569987 
…iaskrgr

Rollup of 7 pull requests

Successful merges:

 - rust-lang#111427 ([rustdoc][JSON] Use exclusively externally tagged enums in the JSON representation)
 - rust-lang#111486 (Pretty-print inherent projections correctly)
 - rust-lang#111722 (Document stack-protector option)
 - rust-lang#111761 (fix(resolve): not defined `extern crate shadow_name`)
 - rust-lang#111845 (Update books)
 - rust-lang#111851 (CFI: Fix encode_region: unexpected ReEarlyBound(0, 'a))
 - rust-lang#111871 (Migrate GUI colors test to original CSS color format)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit ee08dd8 into rust-lang:master May 23, 2023
@rustbot rustbot added this to the 1.71.0 milestone May 23, 2023
@rcvalle rcvalle mentioned this pull request Aug 16, 2023
Open
@davidtwco davidtwco mentioned this pull request Feb 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rcvalle rcvalle

Labels
PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.71.0
Development

Successfully merging this pull request may close these issues.

Document stack smashing protection
6 participants
@mrcnski @rustbot @rcvalle @JohnTitor @bors @cuviper