Add -fstack-protector support to wasi-libc #351
Include `__stack_chk_fail.c` and initialize `__stack_chk_guard` in ctor.

```
$ cat main.c
char input[] = "0123456789012345";

int main(void) {
    char buf[8];
    for (char *sp = input, *dp = buf; *sp != '\0'; sp++, dp++) {
        *dp = *sp;
    }
    return 0;
}
$ clang main.c -fstack-protector
$ wasmtime ./a.out
Error: failed to run main module `./a.out`

Caused by:
    0: failed to invoke command default
    1: wasm trap: wasm `unreachable` instruction executed
       wasm backtrace:
           0:  0x258 - <unknown>!__stack_chk_fail
           1:  0x21e - <unknown>!__original_main
           2:   0xca - <unknown>!_start
```
Seems reasonable. IIUC I suppose the security benefits of |
This uses wasi random_get at initialization time, which could make it impossible to run |
Would be nice to make it optional via a |
It doesn't detect stack overflow. wasm-ld's
Yes, I agree that the security benefit would be small. TBH, my main motivation is just reducing
Good point. To be precise, the ctor is included only when stack protector is enabled in user code, so it can be an issue when wizer and
The random seed is used for randomizing the canary. I think it's still useful without ASLR to prevent bypassing guards by overwriting statically known canary. @TerrorJack |
The Makefile already supports |
Ah, I just experimented compiling with this patch and discovered there's no extra overhead if none of libc or user code is compiled with |
@TerrorJack Yes! Thank you for experimenting on your side :) |
@TerrorJack Thanks for doing that experiment! This looks good. |
Include `__stack_chk_fail.c` and initialize `__stack_chk_guard` in ctor. This allows userland stack smash protection.
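The thread's point about seeding the canary, as an added example that is not code from this PR or from wasi-libc: a byte-array model of one protected frame, showing that an overlong copy whose tail matches a build-time constant guard passes the epilogue check, while the same input is caught once the guard is seeded at startup. The names `demo_guard`, `demo_guard_init`, `demo_copy_smashes`, `demo_overlong_input` and the `STATIC_GUARD` value are hypothetical, and `/dev/urandom` stands in for the WASI `random_get` call the PR uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8                           /* same size as buf in main.c */
#define STATIC_GUARD ((uintptr_t)0x0aff0d00) /* constructed build-time constant */
/* Hypothetical stand-in for __stack_chk_guard. */
static uintptr_t demo_guard = STATIC_GUARD;

/* Stand-in for the ctor: seed the guard once at startup. The PR draws from
   WASI random_get; /dev/urandom is this example's assumption. */
static int demo_guard_init(void) {
    uintptr_t v;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(&v, sizeof v, 1, f);
    fclose(f);
    if (n != 1) return -1;
    demo_guard = v;
    return 0;
}

/* Models one protected frame: buf[BUF_SIZE] followed by the canary slot.
   The copy ignores BUF_SIZE (the bug in main.c) but is clamped to the model.
   Returns 1 where the real epilogue would call __stack_chk_fail, else 0. */
static int demo_copy_smashes(const unsigned char *src, size_t len) {
    unsigned char frame[BUF_SIZE + sizeof(uintptr_t)];
    uintptr_t canary = demo_guard;
    memcpy(frame + BUF_SIZE, &canary, sizeof canary);  /* prologue */
    if (len > sizeof frame) len = sizeof frame;
    memcpy(frame, src, len);                           /* unchecked copy */
    memcpy(&canary, frame + BUF_SIZE, sizeof canary);  /* epilogue reload */
    return canary != demo_guard;
}

/* Overlong input whose tail repeats a guessed guard value. */
static size_t demo_overlong_input(unsigned char *out, uintptr_t guess) {
    memset(out, 'A', BUF_SIZE);
    memcpy(out + BUF_SIZE, &guess, sizeof guess);
    return BUF_SIZE + sizeof guess;
}

int main(void) {
    unsigned char in[BUF_SIZE + sizeof(uintptr_t)];
    size_t n = demo_overlong_input(in, STATIC_GUARD);
    printf("static guard, tail matches constant: %d\n", demo_copy_smashes(in, n));
    if (demo_guard_init() == 0)
        printf("seeded guard, same input: %d\n", demo_copy_smashes(in, n));
    return 0;
}
```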