wg-best-practices-os-developers icon indicating copy to clipboard operation
wg-best-practices-os-developers copied to clipboard

Published 20 hours ago verified publisher icon ossf

split-stack feature on GCC and clang compiler

Open Flo4152 opened this issue 1 year ago • 2 comments

GCC and clang compiler offer feature to allocate discontinuous stack when running out of stack memory. The -fsplit-stack option activates this behavior on GCC (https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fsplit-stack / https://gcc.gnu.org/wiki/SplitStacks) and clang (https://llvm.org/docs/SegmentedStacks.html).

This option can mitigate some stack exhaustion issues.

Do you think this option may have its place on "Compiler Hardening Guide"?

Regards,

Flo4152 avatar Dec 09 '23 17:12 Flo4152

Information about security benefits of split-stack option can be found on a article from Red-Hat website : https://developers.redhat.com/articles/2022/06/02/use-compiler-flags-stack-protection-gcc-and-clang#

We have the chance to have one of the two authors, @siddhesh, already contributing to the guide. Maybe this option was already discussed.

Regards,

Flo4152 avatar Dec 11 '23 09:12 Flo4152

Has this been addressed by the C/C++ Compiler Hardening options guide? @gkunz @thomasnyman @david-a-wheeler

SecurityCRob avatar May 08 '24 18:05 SecurityCRob