shadow stack
19 views
Skip to first unread message
Jeffrey Birnbaum
Dec 18, 2021, 10:40:17 AM12/18/21
to PCRE2 discussion list
A second problem that I have is that I am trying to build pcre2 10.39 with gcc 4.9.3 and it fails because of newer -mshstk option. Is this required,. Can I just remove that from the configure.ac script or is there a better way via input param to configure?
/JMB
Philip Hazel
Dec 18, 2021, 12:55:21 PM12/18/21
to PCRE2 discussion list
No idea, I'm afraid. I am on gcc 11.1.0 so a long way ahead. I'm sure you could just try removing it ... That configuring code came from somebody else, but "man gcc" says it turns on some X86 feature, so it sounds as if it should be OK to disable it. At your own risk, of course. :-)
Jeffrey Birnbaum
Dec 18, 2021, 1:28:35 PM12/18/21
to PCRE2 discussion list
Yeah, I did a blame and found where it came into the code base. I am fairly certain I can disable without issue. We are trying to move to gcc 11.X but are having problems with ASAN where there appears to be a bug with dlopen, e.g. it fails unless you explicitly have the correct lib path in LD_LIBRARY_PATH. Not a kill shot but a bit pita for our automated testing.
Thanks for responding to my questions on a Saturday - although I almost never take a day away from my keyboard :) - lucky that programmer is my profession and favorite hobby. Lastly, probably should thank you for creating and maintaining one of the most useful open source products available.
Best,
/JMB
Zoltán Herczeg
Dec 19, 2021, 5:44:55 AM12/19/21
to PCRE2 discussion list, Jeffrey Birnbaum
Hi,
shadow stack is a new security feature for intel processors. If the feature is enabled by the operating system, all programs must be compiled with it. If not enabled, you can drop the flag. Since the compiler has no idea where you want to run the binary, this flag must be manually set (cannot be auto-detected).
Regards,
Zoltan
-------- Eredeti levél --------
Feladó: Jeffrey Birnbaum < jmb...@gmail.com (Link -> mailto:jmb...@gmail.com) >
Dátum: 2021 december 18 19:28:43
Tárgy: [pcre2-dev] Re: shadow stack
Címzett: PCRE2 discussion list < pcre...@googlegroups.com (Link -> mailto:pcre...@googlegroups.com) >
shadow stack is a new security feature for intel processors. If the feature is enabled by the operating system, all programs must be compiled with it. If not enabled, you can drop the flag. Since the compiler has no idea where you want to run the binary, this flag must be manually set (cannot be auto-detected).
Regards,
Zoltan
-------- Eredeti levél --------
Feladó: Jeffrey Birnbaum < jmb...@gmail.com (Link -> mailto:jmb...@gmail.com) >
Dátum: 2021 december 18 19:28:43
Tárgy: [pcre2-dev] Re: shadow stack
Címzett: PCRE2 discussion list < pcre...@googlegroups.com (Link -> mailto:pcre...@googlegroups.com) >
Jeffrey Birnbaum
Dec 19, 2021, 9:45:18 AM12/19/21
to PCRE2 discussion list
Zoltan,
Hmm, that is going to be interesting. The moment a company enables this then lots of software they run will stop working ... For example, the software the work on, "AMPS", is used in most of the largest financial firms in the world and none of our software is compiled with cet enabled.
/JMB
Reply all
Reply to author
Forward
0 new messages