Creshal Creshal - 2 months ago 18
C Question

Useful GCC flags to improve security of your programs?

By pure chance I stumbled over an article mentioning you can "enable" ASLR with

-pie -fPIE
(or, rather, make your application ASLR-aware).
-fstack-protector
is also commonly recommended (though I rarely see explanations how and against which kinds of attacks it protects).

Is there a list of useful options and explanations how they increase the security?

...

And how useful are such measures anyway, when your application uses about 30 libraries that use none of those? ;)

R.. R..
Answer

As for your final question:

And how useful are such measures anyway, when your application uses about 30 libraries that use none of those? ;)

PIE is only necessary for the main program to be able to be loaded at a random address. ASLR always works for shared libraries, so the benefit of PIE is the same whether you're using one shared library or 100.

Stack protector will only benefit the code that's compiled with stack protector, so using it just in your main program will not help if your libraries are full of vulnerabilities.

In any case, I would encourage you not to consider these options part of your application, but instead part of the whole system integration. If you're using 30+ libraries (probably most of which are junk when it comes to code quality and security) in a program that will be interfacing with untrusted, potentially-malicious data, it would be a good idea to build your whole system with stack protector and other security hardening options.

Do keep in mind, however, that the highest levels of _FORTIFY_SOURCE and perhaps some other new security options break valid things that legitimate, correct programs may need to do, and thus you may need to analyze whether it's safe to use them. One known-dangerous thing that one of the options does (I forget which) is making it so the %n specifier to printf does not work, at least in certain cases. If an application is using %n to get an offset into a generated string and needs to use that offset to later write in it, and the value isn't filled in, that's a potential vulnerability in itself...

Comments