sess: stabilize -C stack-protector=all
#121742
base: master
Stabilization report
Stack smashing protection is a codegen option (just enabling this support in LLVM). It inserts stack canaries into functions to detect when stack smashing occurs. Stack canaries are random guard values, which are checked for changes when returning. Stack smashing has been implemented since 2021 and hasn't seen any significant changes since then. Only the
Tests
History
Unresolved questions
Stabilizing That said, I find this stabilization somewhat dangerous due to the potential "security theater" it can enable. The value of stack protectors in Rust is much more tenuous than in C, and there is a danger that people will follow the logic "I use
I agree that this is a risk. I don't think that we should keep this unstable just because of a risk like this, though; if this option is useful and appropriate for some users, then we allow it to be used on stable (absent other concerns). If this option is never useful or appropriate, then we should just remove it altogether, even on nightly. If there is additional context I could add to the documentation for this option about when it is appropriate and when it is not, then I'd be happy to add that.
Generally agree. Would love to hear from some people who are interested in using
Some changes occurred in src/doc/rustc/src/exploit-mitigations.md
cc @rust-lang/project-exploit-mitigations, @rcvalle
Some changes occurred in tests/codegen/stack-protector.rs
cc @rust-lang/project-exploit-mitigations, @rcvalle
Some changes occurred in tests/ui/stack-protector
cc @rust-lang/project-exploit-mitigations, @rcvalle
I think this is just waiting until we've decided we've gotten enough feedback from users on whether this would be worth it (like this comment).
Signed-off-by: David Wood <david@davidtw.co>
cc #114903
r? @nikic