C/C++ Clang stack canary and SafeStack combined?

ldilley

New Member


Messages: 2

Greetings.

I am able to produce a binary with Clang that has either a stack canary or SafeStack protection, but not both. SafeStack seems to take precedence if both the "-fstack-protector-all" and "-fsanitize=safe-stack" options are specified. Are these Clang options mutually exclusive? I cannot seem to find anything elsewhere pertaining to this issue. My goal is to produce a binary with both protections which should be possible as far as I'm aware. Any guidance would be sincerely appreciated.

My Clang and FreeBSD versions are below along with relevant output. The "checksec" script below calls "readelf" to check for certain symbols in the ELF binary. The script source can be viewed/obtained here if desired: https://raw.githubusercontent.com/slimm609/checksec.sh/master/checksec. In this context, the script is looking for the following symbols:

Stack Canary
Code:
    41: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail
    42: 0000000000204020    64 OBJECT  GLOBAL DEFAULT   24 __stack_chk_guard

SafeStack
Code:
   372: 0000000000208640   336 FUNC    GLOBAL DEFAULT   13 __safestack_init

Bash:
ldilley@fbsdev:~ % clang --version
FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
Target: x86_64-unknown-freebsd12.1
Thread model: posix

ldilley@fbsdev:~ % freebsd-version
12.1-RELEASE-p10
InstalledDir: /usr/bin

ldilley@fbsdev:~ % clang -fstack-protector-all -fsanitize=safe-stack aslr.c -o aslr
ldilley@fbsdev:~ % ./checksec.sh --file=aslr --extended
RELRO           STACK CANARY      NX            PIE             SELFRANDO             Clang CFI            SafeStack            RPATH      RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Partial RELRO   No canary found   NX enabled    No PIE          No Selfrando          No Clang CFI found   SafeStack found      No RPATH   No RUNPATH   409 Symbols      No    1               2               aslr

ldilley@fbsdev:~ % clang -fstack-protector-all aslr.c -o aslr
ldilley@fbsdev:~ % ./checksec.sh --file=aslr --extended
RELRO           STACK CANARY      NX            PIE             SELFRANDO             Clang CFI            SafeStack            RPATH      RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Partial RELRO   Canary found      NX enabled    No PIE          No Selfrando          No Clang CFI found   No SafeStack found   No RPATH   No RUNPATH   44 Symbols       No    1               2               aslr
 
Top