Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to add Stack Canaries to Rust executables?

Tags:

rust

llvm

I'm trying to harden some executables in a project I'm working on. To test, I'm using a hello world program, and checking it with checksec, which reports that there are no canaries. I'm very new to Rust, and the lack of information on Google makes me feel I'm missing something obvious.

With GCC, it's a simple compiler flag: -fstack-protector-all. The closest thing I've found for LLVM is safe stack. However, that doesn't seem to be recognized by the Rust compiler when I try to pass it through to LLVM. For example:

rustc -C llvm-args="-fsanitize=safe-stack" -C link-arg="-fsanitize=safe-stack" test.rust

Results in

rustc: Unknown command line argument '-fsanitize=safe-stack'. Try: 'rustc -help' rustc: Did you mean '-spp-no-call'?

I'm using Rust 1.23.0. I'm trying to add these canaries not just on x86_64, but also on armeabi-v7a, in case that's relevant.

like image 744
CalumMcCall Avatar asked Jan 31 '18 16:01

CalumMcCall

2 Answers

You cannot use LLVM's SafeStack right now.

-fsanitize=safe-stack is a Clang command line option, not necessarily an LLVM one. This likely explains why you get the error you do.

SafeStack support was originally brought up in issue 26612, but enabling it was deferred until more investigation could be performed.

Since SafeStack is a sanitizer, the next thing to follow would be issue 39699, the tracking issue for more sanitizers. Only a few sanitizers and platforms are currently supported. It might be as "simple" as adding it to a list and creating a PR to enable it.

That being said, I believe Rust does have some amount of stack protection. For example, this recent issue talks about how some upcoming changes to glibc are going to affect Rust's stack guard calculations.

like image 146
Shepmaster Avatar answered Sep 18 '22 16:09

Shepmaster

Currently, this isn't supported:

We updated LLVM so there's support for this [safe stack attribute] in our LLVM, and I think that turning this on by default probably wants some investigation and likely an RFC first, so I'm going to close this for now.

-- alexcrichton https://github.com/rust-lang/rust/issues/26612

I'm not able to find an RFC for this feature.

like image 31
Wesley Wiser Avatar answered Sep 19 '22 16:09

Wesley Wiser
Sign in to Comment

Related questions

Open file in read-write mode in Rust [duplicate]
How to import all macros, derives, and procedural macros in Rust 2018 without using extern crate?
Can a trait give a default implementation for the method of a trait that it inherits from?
What is the evaluation order of tuples in Rust?
Why can Serde not derive Deserialize for a struct containing only a &Path?
Should I pass function objects by value or by reference?
How to group imports in Rust with conditional compilation?
Can I use an async fn as a handler in Rocket?
What's the best practice for creating instances of a struct?
Custom getters and setters in a struct
thread '<main>' has overflowed its stack in Rust
Temporarily move out of borrowed content
What is the meaning of 'static as a function constraint?
Escaping commas in macro output
Can I use a method or a function as a closure?
When and how to use a vector of references
How to return a newly created struct as a reference? [duplicate]
How to avoid code duplication of different structs with semantically equal fields/properties?
Understanding (automatic?) Deref/coercion when adding references and values of numbers
Is it possible to implement a method that takes a format string?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!