security feature parity gcc and clang
play

Security Feature Parity: GCC and Clang Linux Plumbers Conference - PowerPoint PPT Presentation

Oct 02, 2023 •388 likes •552 views

Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook <keescook@chromium.org> https://outflux.net/slides/2019/lpc/gcc-clang.pdf old school security feature examples stack canaries: -fstack-protector-strong

  1. Security Feature Parity: GCC and Clang Linux Plumbers Conference 2019 Kees Cook <keescook@chromium.org> https://outflux.net/slides/2019/lpc/gcc-clang.pdf

  2. old school security feature examples stack canaries: -fstack-protector-strong ● uninitialized variable analysis: -Wmaybe-uninitialized ● format string safety analysis: -Wformat-security ● read-only relocations: -Wl,-z,relro ● immediate bindings: -Wl,-z,bindnow ● Position Independent Executable to use ASLR: -Wl,-z,pie -fPIE ● Variable Length Array analysis: -Wvla ●

  3. overview of newer features gcc clang function sections yes yes implicit fallthrough yes yes Link Time Optimization yes yes stack probing yes no Spectre v1 mitigation no yes caller-saved register wiping patch no stack variable auto-initialization plugin yes structure layout randomization plugin no signed overflow protection yes, usability issues yes, usability issues unsigned overflow protection no yes, usability issues backward edge CFI hardware only hardware w/ arm64 soft forward edge CFI hardware only yes

  4. per-function sections -ffunction-sections ● gcc: working! – clang: working! – Supports fine-grain ASLR (randomize sections at kernel boot) ●

  5. switch case fallthrough markings -Wimplicit-fallthrough ● gcc: __attribute__((fallthrough)) and parses comments too! – clang: __attribute__((fallthrough)) – Kernel now free of implicit fallthroughs ● Looking through the roughly 500 patches just in the last year, about 10% – of warnings were real bugs

  6. Link Time Optimization gcc: -flto ● clang: -flto or -flto=thin ● Required for software CFI ● Lots of pain to update build tooling ● Questions about C memory model vs Kernel memory model ●

  7. stack probing gcc: -fstack-clash-protection ● clang: needed ● Defense against giant VLAs/alloca()s ● Kernel removed all VLA usage, so this is mainly a concern for userspace. ●

  8. Spectre v1 mitigation gcc: needed ● clang: -mspeculative-load-hardening ● https://llvm.org/docs/SpeculativeLoadHardening.html Performance impact is relatively high, but lower than using lfence ● everywhere.

  9. zero caller-saved registers on func return gcc: patch only ● -mzero-caller-saved-regs=used https://github.com/clearlinux-pkgs/gcc/blob/master/zero-regs-gcc8.patch clang: needed ● Virtually no performance impact (xor is highly pipelined), and makes sure no ● leftover register contents can be used for speculation-style attacks.

  10. stack variable auto-initialization gcc: plugin only ● https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/gcc- plugins/structleak_plugin.c clang: -ftrivial-auto-var-init=pattern (needs ...=zero ) ● Linus wants to be able to depend on zeroing in the kernel ●

  11. structure layout randomization __attribute__((randomize_layout)) ● gcc: plugin only – https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scripts/g cc-plugins/randomize_layout_plugin.c clang: stalled https://reviews.llvm.org/D59254 – Fun for really paranoid builds ●

  12. signed overflow protection -fsanitize=signed-integer-overflow ● gcc: working! – clang: working! – Available handling modes need improvement (e.g. 6% object size increase ● just from the warning text additions). Better to have a user-defined handler. Would be nice to have a “warn and continue with saturated value” mode ● instead of either “die” or “warn and continue with wrapped value”.

  13. unsigned overflow detection -fsanitize=unsigned-integer-overflow ● gcc: needed – clang: working! – This one isn’t technically “undefined behavior”, but it certainly leads to exploitable conditions. ● Same thoughts as signed overflow: ● Available handling modes need improvement (e.g. 6% object size increase just from the – warning text additions). Better to have a user-defined handler. Would be nice to have a “warn and continue with saturated value” mode instead of either – “die” or “warn and continue with wrapped value”.

  14. CFI (backward edge: returns) hardware ● x86: CET feature bit – no compiler support needed! ● arm64: PAC instructions – gcc: -mbranch-protection=pac-ret ● clang: -mbranch-protection=pac-ret ● needs function attribute to disable branch-protection – software shadow stack ● clang: -fsanitize=shadow-call-stack on arm64 only (x86: wait for – CET?) gcc: needed –

  15. CFI (forward edge: indirect calls) hardware (coarse-grain: entry points) ● x86: ENDBR instruction – gcc: -fcf-protection=branch ● clang: -fcf-protection=branch ● arm64: BTI instruction – gcc: -mbranch-protection=bti ● clang: -mbranch-protection=bti ● – needs function attribute to disable branch-protection software (fine-grain: per-function-prototype) ● clang: -fsanitize=cfi – We really need fine-grain forward edge CFI: stops automated gadget exploitation ● https://www.usenix.org/conference/usenixsecurity19/presentation/wu-wei –

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM

An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM

An update on Clang-based C++ Tooling Manuel Klimek Daniel Jasper Tomorrowland (from Euro LLVM DevMeeting 2012) Tools Editor integration clang-format Emacs clang-lint Vim clang-rename Eclipse

122 views • 8 slides
Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs at compile time by inspecting your source code Bugs it finds are more sophisticated than warnings or Clang-Tidy Clang Static Analyzer 1

544 views • 29 slides
Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20

Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20

Life of an instruction in Clang / LLVM Francis Visoiu Mistrih - francis@lse.epita.fr 1 / 20 Clang foo.c - C int foo(int a, int b) { return a + b; } 2 / 20 Clang AST clang-check -ast-dump foo.c TranslationUnitDecl 0x29eaa20

225 views • 20 slides
The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST

The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST

The Clang AST A Tutorial by Manuel Klimek You'll learn: 1. The basic structure of the Clang AST 2. How to navigate the AST 3. Tools to understand the AST 4. Interfaces to code against the AST (Tooling, AST matchers, etc) The Structure of the

602 views • 44 slides
1 Two-Dimensional Parity Internet Checksum Use 1-dimensional parity Idea Add up all

1 Two-Dimensional Parity Internet Checksum Use 1-dimensional parity Idea Add up all

Error Coding Parity 1-bit error detection with parity Transmission process may introduce errors into a message. Add an extra bit to a code to ensure an even (odd) number of 1s Single bit errors versus burst errors Every

284 views • 4 slides
Parity-Violating and Parity-Conserving Asymmetries in ep and eN Scattering in the Qweak

Parity-Violating and Parity-Conserving Asymmetries in ep and eN Scattering in the Qweak

Parity-Violating and Parity-Conserving Asymmetries in ep and eN Scattering in the Qweak Experiment Wouter Deconinck September 29, 2017 Electroweak Box Workshop, Amherst Center for Fundamental Interactions Supported by the National Science

1.05k views • 82 slides
Solving parity games Definition (Parity game) G = V E , V A , R , : V N where

Solving parity games Definition (Parity game) G = V E , V A , R , : V N where

Solving parity games Definition (Parity game) G = V E , V A , R , : V N where V E is the set of vertices for Eve, V A is the set of vertices for Adam, R V V is the move relation, defines the parity

951 views • 11 slides
1-D and 2-D Parity FEC draft-ietf-fecframe-1d2d-parity-scheme-00 IETF 73 November 2008 Ali

1-D and 2-D Parity FEC draft-ietf-fecframe-1d2d-parity-scheme-00 IETF 73 November 2008 Ali

1-D and 2-D Parity FEC draft-ietf-fecframe-1d2d-parity-scheme-00 IETF 73 November 2008 Ali C. Begen abegen@cisco.com Introduction 1-D and 2-D parity codes are systematic FEC codes of decent complexity that provide protection against

262 views • 9 slides
Introduction to Risk Parity and Budgeting Chapter 5 Risk Parity Applied to Alternative

Introduction to Risk Parity and Budgeting Chapter 5 Risk Parity Applied to Alternative

Introduction to Risk Parity and Budgeting Chapter 5 Risk Parity Applied to Alternative Investments Thierry Roncalli &amp; CRC Press c Evry University &amp; Lyxor Asset Management, France Instructors may find the description of the

333 views • 22 slides
clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A

clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A

clang-format Automatic formatting for C++ (Daniel Jasper - djasper@google.com) Why? A consistent coding style is important Formatting is tedious Clang's source files contain ~25% whitespace characters Sema::NameClassification

511 views • 24 slides
Even/odd parity (1) Computers can sometimes make errors when they transmit data. Even/odd

Even/odd parity (1) Computers can sometimes make errors when they transmit data. Even/odd

Even/odd parity (1) Computers can sometimes make errors when they transmit data. Even/odd parity: is basic method for detecting if an odd number of bits has been switched by accident. Odd parity: The number of 1-bit must add up

122 views • 8 slides
Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero

Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero

Switching a Linux distributions main toolchain to LLVM/Clang Bernhard Bero Rosenkrnzer, OpenMandriva/LinDev EuroLLVM 2019 When and why did we do it? Made the decision and started the transition around the time of the clang 3.5

204 views • 18 slides
GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference &amp;

GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference &amp;

GCC/Clang Optimizations for Embedded Linux Khem Raj, Comcast Embedded Linux Conference &amp; OpenIOT summit Portland, OR Introduction To Clang Native compiler FrontEnd to LLVM Infrastructure Supports C/C++ and Objective-C The

517 views • 20 slides
Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at)

Using Clang for fun and profit Examples from the Chromium project Hans Wennborg hwennborg (at) google.com GOTO Aarhus 2013 Outline Chromium Background Numbers Clang Background Error Messages Warnings Tools Conclusion Introducing

429 views • 27 slides
Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly

Structure-aware fuzzing for Clang and LLVM with libprotobuf-mutator Kostya Serebryany, Vitaly Buka, Matt Morehouse; Google October 2017 Agenda Fuzzing Fuzzing Clang/LLVM Fuzzing Clang/LLVM better (structure-aware)

914 views • 35 slides
Parity Violating Electron Scattering at Jefferson Lab Prof. Kent Paschke Intro to PVeS Parity

Parity Violating Electron Scattering at Jefferson Lab Prof. Kent Paschke Intro to PVeS Parity

Parity Violating Electron Scattering at Jefferson Lab Prof. Kent Paschke Intro to PVeS Parity Symmetry Parity transformation x , y , z x , y , z Right handed Left handed p L S

391 views • 38 slides
Fuzzy Techniques Provide In General, Signal and . . . a Theoretical Explanation Tikhonov

Fuzzy Techniques Provide In General, Signal and . . . a Theoretical Explanation Tikhonov

Traditional Use of . . . Fuzzy Logic Can Help . . . Case Study Need for Deblurring Fuzzy Techniques Provide In General, Signal and . . . a Theoretical Explanation Tikhonov Regularization Limitations of . . . for the Heuristic Let Us Apply

419 views • 26 slides
LP-based Heuristics for Cost-optimal Planning Florian Gabriele Malte Blai Pommerening 1 oger 1

LP-based Heuristics for Cost-optimal Planning Florian Gabriele Malte Blai Pommerening 1 oger 1

LP Heuristics Theoretical Results Empirical Results Conclusion LP-based Heuristics for Cost-optimal Planning Florian Gabriele Malte Blai Pommerening 1 oger 1 R Helmert 1 Bonet 2 1 University of Basel, Switzerland 2 Universidad Sim on

402 views • 27 slides
The moment-LP and moment-SOS approaches Jean B. Lasserre LAAS-CNRS and Institute of Mathematics,

The moment-LP and moment-SOS approaches Jean B. Lasserre LAAS-CNRS and Institute of Mathematics,

The moment-LP and moment-SOS approaches Jean B. Lasserre LAAS-CNRS and Institute of Mathematics, Toulouse, France ICERM, Providence, February 2014 Jean B. Lasserre semidefinite characterization Why polynomial optimization? LP- and SDP-

1.27k views • 97 slides
MEG Ryu Sawada 20/Feb/2011 17th ICEPP Symposium MEG collaboration : ~60

MEG Ryu Sawada 20/Feb/2011 17th ICEPP Symposium MEG collaboration : ~60

MEG Ryu Sawada 20/Feb/2011 17th ICEPP Symposium MEG collaboration : ~60 physicists from 13 institutes Japan : ICEPP U. of Tokyo, Waseda U., KEK Italy : INFN&amp;U.Genova, INFN&amp;U.Lecce, INFN&amp;U.Pavia INFN&amp;U.Pisa,

382 views • 19 slides
Estimating Properties of Social Networks via Random Walk considering Private Nodes Kazuki

Estimating Properties of Social Networks via Random Walk considering Private Nodes Kazuki

KDD 2020 Research track Estimating Properties of Social Networks via Random Walk considering Private Nodes Kazuki Nakajima Kazuyuki Shudo Tokyo Institute of Technology Graph Sampling on Social Networks Purpose: Understand global social

443 views • 21 slides
Welcome! Reducing Emergency Department among MI Population Learning Series- Systems Improvement-

Welcome! Reducing Emergency Department among MI Population Learning Series- Systems Improvement-

Welcome! Reducing Emergency Department among MI Population Learning Series- Systems Improvement- What CCOs Can Do- Virtual Learning Collaborative The session will start shortly! Best Practices: Please keep your mic muted if you are not

513 views • 37 slides
Growing Global Leaders Advancing Palliative Care Exploring the Leadership Practices Inventory

Growing Global Leaders Advancing Palliative Care Exploring the Leadership Practices Inventory

Growing Global Leaders Advancing Palliative Care Exploring the Leadership Practices Inventory Shannon Y. Moore, MD, MPH LDI C2 RC1 February 05-12, 2013 Objectives Define LPI Background Practical implications for

137 views • 12 slides
Intro duction 1 Goals of the lecture: W eak Conjunctive Predicates Logic fo r

Intro duction 1 Goals of the lecture: W eak Conjunctive Predicates Logic fo r

Intro duction 1 Goals of the lecture: W eak Conjunctive Predicates Logic fo r global p redicates W eak conjunctive algo rithm References: Garg and W aldec k er 94 Vija c y K. Ga rg Distributed

186 views • 14 slides

More recommend