Closed Bug 1374344 Opened 7 years ago Closed 1 year ago

Investigate Clang SafeStack

Categories: Firefox Build System :: General, enhancement, P3
Tracking: Not tracked
Status: RESOLVED WONTFIX
People: Reporter: tjr, Unassigned
References: Blocks 1 open bug
Details: Keywords: sec-want

Maybe this is something we could add to --enable-hardening 

https://clang.llvm.org/docs/SafeStack.html
Product: Core → Firefox Build System
See Also: → 1465859
"Certain code that relies on low-level stack manipulations requires adaption to work with SafeStack. One example is mark-and-sweep garbage collection implementations for C/C++ (e.g., Oilpan in chromium/blink), which must be changed to look for the live pointers on both safe and unsafe stacks."

"At the moment, compiling dynamic libraries with SafeStack is not supported."

The latter seems to make it mostly useless for our purposes?
Priority: -- → P3
Severity: normal → S3

The SafeStack documentation now states: "Linking a DSO with SafeStack is not currently supported." So building shared objects with SafeStack is supported, it's just that the SafeStack runtime must be linked into the main firefox executable.
I first tried to build the js-shell only; with some minor changes all but one of the jit-tests succeed. Compiling the whole browser with SafeStack completes, but there are some issues in the startup process (seems related to signal handlers or longjmps).
The chromium folks decided against shipping the mitigation: https://bugs.chromium.org/p/chromium/issues/detail?id=908597#c1
If you're still considering deploying the mitigation, I'd further investigate the startup problems.
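The comments above describe what SafeStack does (address-taken locals move to a separately mapped "unsafe" stack while return addresses stay on the native stack) and the build constraint that the runtime must live in the main executable. As an added example, not code from this bug, Firefox or Chromium, the following C program checks whether that separation actually took effect in a given build: it compares the address of an escaped local buffer with the function's native frame address, which stays on the safe stack. Build it twice with clang, once plain and once with `-fsanitize=safe-stack`, and compare; the 1 MiB threshold and the helper names are the example's own assumptions.

```c
/* Added example (not from the bug, Firefox or Chromium): does SafeStack move an
 * address-taken local off the native stack?
 *   clang -O1 safestack_check.c -o plain
 *   clang -O1 -fsanitize=safe-stack safestack_check.c -o hardened
 * The runtime (__safestack_init etc.) comes from compiler-rt and is pulled in
 * by the second link line, which is why a DSO can be compiled with the flag
 * but the executable that loads it has to supply the runtime. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#ifndef __has_feature
#define __has_feature(x) 0   /* gcc and older clang do not define __has_feature */
#endif

/* 1 when this translation unit was compiled with -fsanitize=safe-stack. */
int safestack_enabled(void) {
    return __has_feature(safe_stack);
}

/* Writes through the pointer so the buffer is "captured and written" from the
 * compiler's point of view; SafeStack classifies such locals as unsafe. */
__attribute__((noinline)) void fill(char *p, size_t n) {
    for (size_t i = 0; i < n; i++)
        p[i] = (char)('A' + (i % 26));
}

/* Distance in bytes between this function's native-stack frame (return address,
 * spilled registers) and an escaped local buffer.  Without SafeStack the buffer
 * sits in the same frame, so the distance is a few hundred bytes at most.  With
 * SafeStack the buffer lives on the mmap'd unsafe stack, far from the frame. */
__attribute__((noinline)) uintptr_t buffer_to_frame_distance(void) {
    char buf[64];
    fill(buf, sizeof buf);                      /* buf escapes: unsafe stack */
    uintptr_t frame = (uintptr_t)__builtin_frame_address(0);
    uintptr_t local = (uintptr_t)buf;
    return frame > local ? frame - local : local - frame;
}

/* Assumed threshold: anything beyond 1 MiB cannot be the same frame. */
int buffer_on_separate_stack(void) {
    return buffer_to_frame_distance() > ((uintptr_t)1 << 20);
}

int main(void) {
    printf("compiled with SafeStack: %d\n", safestack_enabled());
    printf("buffer-to-frame distance: %#lx bytes\n",
           (unsigned long)buffer_to_frame_distance());
    printf("escaped local on a separate stack: %d\n", buffer_on_separate_stack());
    return 0;
}
```

In the plain build both answers are 0 and the distance is tiny; in the `-fsanitize=safe-stack` build `__has_feature` reports 1 and the distance jumps to a different mapping. A local whose address never escapes (no pointer passed out, only constant in-bounds accesses) would stay on the safe stack even in the hardened build, which is the classification the mark-and-sweep remark quoted above is about: a GC that scans only the native stack for roots will miss pointers held in unsafe-stack locals.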

Given the investigation done by Chrome, the progress made with CET and that hardware starting to get into people's hands, and the likelihood that clang will eventually drop this feature itself, this seems like a no.

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX