[Pidgin] #15290: Compile everything with secure flags
Pidgin
trac at pidgin.im
Wed Sep 26 17:43:42 EDT 2012
#15290: Compile everything with secure flags
-------------------------------------+------------------------------
Reporter: DrWhax | Owner: datallah
Type: defect | Status: closed
Milestone: 2.10.7 | Component: winpidgin (gtk)
Version: 2.10.6 | Resolution: fixed
Keywords: security aslr dep build |
-------------------------------------+------------------------------
Comment (by noloader):
Replying to [comment:2 ioerror]:
> Replying to [comment:1 Robby]:
> > Replying to [ticket:15290 DrWhax]:
> > > I hope we can come up with a secure build sequence which will guarantee, NX, DEP, ASLR, /GS, SafeSEH (am I missing something?)
> > Who's "we" then?
>
> Anyone involved in helping to do this kind of work - it seems like the right answer is to add those flags to the Makefile.mingw - here's what I recently added to pidgin-otr to improve compile and linking hardening:
> {{{
> CC_HARDENING_OPTIONS ?= -fstack-protector-all -fPIE -Wstack-protector -fwrapv --param ssp-buffer-size=1
> LD_HARDENING_OPTIONS ?= --dynamicbase --nxcompat -pie
> }}}
>
> Later, I just added those two variables into the proper CC and LDFLAGS:
> {{{
> override CFLAGS += -g -O2 -Wall $(CC_HARDENING_OPTIONS)
> LDFLAGS = -Wl,--enable-auto-image-base $(LD_HARDENING_OPTIONS) -lssp
> }}}
>
> ''-lssp'' is required to get the stack smashing protection libraries linked in properly.
>
> DrWhax - if you build with those flags, what is missing?
>
> The full flags used in pidgin-otr are [http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/pidgin-otr;a=blob;f=Makefile.mingw;h=4a0bd8d034f382cecb246e4111b03c22c7548c70;hb=HEAD here]:
> {{{
>
> # Compiling with -fPIE and linking with -pie causes the plugin to crash
> # on load, so we'll skip those.
> CC_HARDENING_OPTIONS ?= -fstack-protector-all -Wstack-protector -fwrapv \
> --param ssp-buffer-size=1 -fno-strict-overflow -Wall -Wextra \
> -Wno-unused-parameter -Wno-missing-field-initializers -Wformat-security
> # In theory, we'd also like the following:
> # LD_HARDENING_OPTIONS ?= -dynamicbase --nxcompat -pie -z relro -z now
> LD_HARDENING_OPTIONS ?= --dynamicbase --nxcompat
> }}}
>
> And we then set things up accordingly:
> {{{
> LDFLAGS = -Wl,--enable-auto-image-base $(LD_HARDENING_OPTIONS)
> LDLIBS = -lssp
> override CFLAGS += -g -O2 -Wall $(CC_HARDENING_OPTIONS)
> }}}
>
> If any of that works, I think it should be trivial to generate a patch that adds those hardening options.

Be careful of <tt>-fwrapv</tt>. It's used as a crutch to make illegal
programs work. It's better to fix the problems.

The project was given a hardened set of flags for Linux at
https://developer.pidgin.im/ticket/15209. In addition to the GCC flags in
ticket 15209, it should also be using the following warnings: -Wall
-Wextra -Wconversion -Wformat=2 -Wformat-security -Wstrict-overflow. GCC
has good static analysis capabilities, and the feature can be used to find
a number of defects. The sources have a number of defects when compiled
with elevated warnings (truncation errors, conversion errors, and
overflow/wrap).

--
Ticket URL: <https://developer.pidgin.im/ticket/15290#comment:11>
Pidgin <http://pidgin.im>
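
One way to confirm that a Windows build actually carries the `--dynamicbase` and `--nxcompat` markers discussed in this ticket is to read them back from the PE header of the linked binary. The script below is an added example, not part of the ticket or of the Pidgin or pidgin-otr build. The function names and the sample header are constructed for illustration, and SafeSEH is not checked.

```python
import struct
import sys

# Bit values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001            # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by ld --dynamicbase
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # set by ld --nxcompat

def pe_hardening(data: bytes) -> dict:
    """Report the hardening markers present in a PE image header."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = pe_off + 4
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                      # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_char,) = struct.unpack_from("<H", data, opt + 70)
    dynamicbase = bool(dll_char & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamicbase": dynamicbase,
        "nxcompat": bool(dll_char & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_present": relocs,
        # The loader cannot move an image whose relocations were stripped,
        # so the flag alone does not give a randomized base.
        "aslr_effective": dynamicbase and relocs,
    }

def make_header(dll_char: int, characteristics: int) -> bytes:
    """Constructed sample: the smallest PE32 header pe_hardening() accepts."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_char)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for path in sys.argv[1:]:                            # e.g. a built .dll or .exe
        with open(path, "rb") as fh:
            print(path, pe_hardening(fh.read(4096)))
```

Run it against each DLL and EXE the build produces and fail the build when `nxcompat` or `aslr_effective` is false.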