Bug 544980 - >=sys-devel/gcc-4.9: enable -fvtable-verify on hardened systems
Summary: >=sys-devel/gcc-4.9: enable -fvtable-verify on hardened systems
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal enhancement
Assignee: Gentoo Toolchain Maintainers
URL: https://gcc.gnu.org/ml/gcc-patches/20...
Whiteboard:
Keywords:
Depends on: 547040
Blocks:
Reported: 2015-03-29 17:20 UTC by SpanKY
Modified: 2020-02-02 18:57 UTC (History)

See Also:
Package list:
Runtime testing required: ---
Description SpanKY gentoo-dev 2015-03-29 17:20:23 UTC
the gcc-4.9 release includes C++ vtable verification.  we should turn this on on hardened systems (namely, the -fvtable-verify=preinit flag).

CrOS did some performance tests and found a 6% loss across devices, but it was largely focused on Chrome.
Comment 1 Anthony Basile gentoo-dev 2015-03-29 19:30:58 UTC
I added the original design proposals.  There were a few bug fixes early on by Tice, but it looks like it has matured.
Comment 2 Justin N. Ferguson 2015-04-27 15:12:43 UTC
> namely, the -fvtable-verify=preinit flag

I am not overly familiar with the internals of the emerge build system, but there will need to be flags specific to building executables and shared libraries. At present, preinit makes use of .init_array et al, which is not present in shared libraries.

The options appear to be switching everything to -fvtable-verify=start, modifying the source to replace .init_array with __attribute__((constructor(x))) semantics (which may or may not work), or developing a tiered approach to build flags.

It's not entirely clear to me if preinit is even necessary or overly provides any new security functionality.

As an addendum, Anthony is likely correct; some level of apprehension is probably called for. I've not done a comprehensive audit by any means, but a random scanning of some portions led me to think it probably needs a better review to ensure that it is not introducing issues, although I suspect all that's needed is that some of the mprotect()-related functionality might be best split into a library that can be unloaded after initialization.
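Comment 2's point that the flag pairs an init-time registration hook with a per-call check is easier to follow with a runnable model. The following is an added sketch, not code from GCC, libvtv or this bug report; it assumes the Itanium C++ ABI (g++/clang on Linux, vtable pointer at offset 0 of an object with no virtual bases) and uses an invented Shape hierarchy as its input.

```cpp
// Added sketch, not GCC/libvtv code: register the valid vtable addresses
// of a hierarchy at init, then verify an object's vtable pointer before
// each virtual call.  Assumes the Itanium C++ ABI (vptr at offset 0).
#include <cstring>
#include <set>

struct Shape {
    virtual ~Shape() = default;
    virtual int sides() const { return 0; }
};
struct Triangle : Shape { int sides() const override { return 3; } };
struct Square   : Shape { int sides() const override { return 4; } };

// Read the vtable pointer stored at the start of a polymorphic object.
static const void* vptr_of(const void* obj) {
    const void* vp;
    std::memcpy(&vp, obj, sizeof vp);
    return vp;
}
// Per-hierarchy set of valid vtable addresses (libvtv keeps its set in
// pages it makes read-only with mprotect() after init).
static std::set<const void*>& shape_vtables() {
    static std::set<const void*> s;
    return s;
}
// Init-time registration, the job of the preinit / .init_array hook.
template <class T> static void register_vtable() {
    T probe;  // a throwaway instance exposes T's vtable address
    shape_vtables().insert(vptr_of(&probe));
}
void register_shape_hierarchy() {
    register_vtable<Shape>(); register_vtable<Triangle>(); register_vtable<Square>();
}
// Verification step: true iff obj's vtable pointer was registered.
bool verify_shape_vptr(const void* obj) {
    return shape_vtables().count(vptr_of(obj)) != 0;
}
// Guarded virtual call: returns -1 instead of dispatching through an
// unregistered vtable (libvtv aborts the process at this point).
int checked_sides(const Shape* s) {
    return verify_shape_vptr(s) ? s->sides() : -1;
}
// Self-check: real objects pass; a constructed object image whose vtable
// slot is zeroed is rejected before any dispatch happens.
bool sketch_self_test() {
    register_shape_hierarchy();
    Triangle t; Square q; Shape s;
    alignas(Shape) unsigned char bogus[sizeof(Shape)] = {};  // constructed
    return checked_sides(&t) == 3 && checked_sides(&q) == 4 && checked_sides(&s) == 0
        && checked_sides(reinterpret_cast<const Shape*>(bogus)) == -1;
}
```

The real implementation registers every vtable the compiler emitted for the hierarchy and runs the check at each virtual call site; the sketch only models the registration and verification steps in isolation.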
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2020-02-01 23:44:53 UTC
Is vtable-verify still worth considering? Or vtable-verify is not being actively developed nowadays?
Comment 4 Jory A. Pratt gentoo-dev 2020-02-02 00:05:41 UTC
(In reply to Sergei Trofimovich from comment #3)
> Is vtable-verify still worth considering? Or vtable-verify is not being
> actively developed nowadays?

This change will break packages from Mozilla; it is also shown to slow the entire system down. If anything, -fsanitize=vptr would be a much saner approach.
Comment 5 Magnus Granberg gentoo-dev 2020-02-02 17:19:20 UTC
(In reply to Sergei Trofimovich from comment #3)
> Is vtable-verify still worth considering? Or vtable-verify is not being
> actively developed nowadays?
I think it is not worth considering nowadays.
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2020-02-02 18:57:40 UTC
Thanks! Let's close it as obsolete.