Open jumde opened 6 years ago
We're already using -fstack-protector-strong for debug builds on macOS, probably worth auditing to make sure we're also using it in release builds and for all supported platforms.
Ignore Automatic reference counting.
Do you know the perf implication of turning these on, @jumde? Based on what Garrett mentioned on Jul 12, do you know what's actually happening today?
@bbondy Looks like it's enabled for the Helper processes but not the main binary:
$ otool -I -v "Brave Browser Beta Helper" | grep stack
0x000000010000ee1c 29 ___stack_chk_fail
0x0000000100010008 30 ___stack_chk_guard
0x0000000100010100 29 ___stack_chk_fail
$ otool -I -v "Brave Browser Beta" | grep stack
Behavior is the same in Chrome.
Automatic reference counting (-fobjc-arc) helps to prevent use-after-free and use-after-release bugs.
Stack smashing protection (-fstack-protector-all) helps to prevent stack buffer overflows.
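
An added example, not part of the original thread or of Brave's code: the otool -I -v check from the comment above, extended to classify every Mach-O file in an app bundle instead of two hand-picked binaries. The function names and report labels are assumptions of this example; the sample input is the Helper output quoted in the thread.

```shell
#!/bin/sh
# Added example: audit Mach-O binaries for stack-protector symbol references.

# classify_canary: reads `otool -I -v <binary>` output on stdin and prints
#   protected - ___stack_chk_fail and ___stack_chk_guard are both referenced
#   partial   - only one of the two is referenced
#   none      - neither is referenced
# The symbol is matched as the whole last field, so look-alike names
# that merely contain the string are not counted.
classify_canary() {
    awk '
        $NF == "___stack_chk_fail"  { fail = 1 }
        $NF == "___stack_chk_guard" { guard = 1 }
        END {
            if (fail && guard)      print "protected"
            else if (fail || guard) print "partial"
            else                    print "none"
        }'
}

# audit_bundle APP: classify every Mach-O file under an .app bundle.
# Needs the macOS tools `file` and `otool`; the path comes from the caller.
audit_bundle() {
    find "$1" -type f | while IFS= read -r f; do
        file -b "$f" | grep -q 'Mach-O' || continue
        printf '%s\t%s\n' "$(otool -I -v "$f" | classify_canary)" "$f"
    done
}

# Sample input: the Helper lines quoted in the thread.
helper_sample='0x000000010000ee1c 29 ___stack_chk_fail
0x0000000100010008 30 ___stack_chk_guard
0x0000000100010100 29 ___stack_chk_fail'

# sample_report: classify the quoted Helper output and the empty
# result the thread shows for the main binary.
sample_report() {
    printf 'Helper: %s\n' "$(printf '%s\n' "$helper_sample" | classify_canary)"
    printf 'Main:   %s\n' "$(printf '' | classify_canary)"
}

# With a bundle path argument, audit it; otherwise show the sample result.
if [ $# -gt 0 ]; then audit_bundle "$1"; else sample_report; fi
```

A result of none for a small binary does not by itself show the flag was missing from the build: -fstack-protector-strong only instruments functions that have local arrays or address-taken locals, so the compiler flags in the build configuration still need to be checked.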