What set of GCC options provides the best protection against memory corruption vulnerabilities such as buffer overflows and dangling pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that would prevent this GCC option from being used on a mission-critical application in production?
I am looking at the Debian Hardening Guide as well as GCC Mudflap. Here are the following configurations I am considering:
-D_FORTIFY_SOURCE=2 -fstack-protector --param ssp-buffer-size=4 -fPIE -pie -Wl,-z,relro,-z,now (ld -z relro and ld -z now)
Are there any improvements that can be made to this set of options? Assume the most recent version of GCC. If you know of any cool upcoming feature, let me know!
Solution
Not a GCC option, but compatible with GCC. See our CheckPointer tool, which detects most memory management errors.
There is a significant slowdown in execution; the tool has to track the validity of pointers and allocated storage, and that adds overhead.
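Whether the flags listed in the question actually took effect can be checked on the built binary. The following is an added example, not part of the original question or answer: it reads an ELF file and reports the traces left by -fPIE -pie, -z relro, -z now, -fstack-protector and _FORTIFY_SOURCE. The function name check_hardening is hypothetical, only little-endian ELF64 is handled, and the last two checks are string heuristics.

```python
import re
import struct
import sys

PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
ET_DYN, DF_BIND_NOW, DF_1_NOW = 3, 0x8, 0x1


def check_hardening(data: bytes) -> dict:
    """Report which hardening flags left a trace in an ELF64 LE image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    seen, bind_now = set(), False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        seen.add(p_type)
        if p_type != PT_DYNAMIC:
            continue
        # Walk the dynamic section: 16-byte (tag, value) pairs until DT_NULL.
        for off in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", data, off)
            if tag == DT_NULL:
                break
            bind_now |= (tag == DT_BIND_NOW
                         or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                         or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    relro = PT_GNU_RELRO in seen
    return {
        "pie": e_type == ET_DYN and PT_INTERP in seen,  # -fPIE -pie
        "relro": relro,                                  # -Wl,-z,relro
        "full_relro": relro and bind_now,                # plus -Wl,-z,now
        # Heuristics: helper names in the string tables. Absence can also
        # mean no function in the program qualified for instrumentation.
        "stack_protector": b"__stack_chk_fail\x00" in data,
        "fortify": re.search(rb"__\w+_chk\x00", data) is not None,
    }


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:  # path to the binary you built
        for name, ok in check_hardening(fh.read()).items():
            print(f"{name:16} {'yes' if ok else 'NO'}")
```

Run it with the path of the compiled program as the only argument; a binary built with the full flag set from the question should report "yes" for pie, relro and full_relro.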