Hi, 2016-11-04 4:42 GMT+01:00 Guillem Jover <guil...@debian.org>: > Hi! > > On Mon, 2016-05-23 at 11:45:46 +0100, Steven Chamberlain wrote: >> This may be a silly / obvious question to ask, but: >> do any of the proposed hardening options _really_ change the ABI? > > I don't think it's silly at all! I've actually wondered this myself > and asked Bálint in person and at least in #812782, perhaps somewhere > else.
GCC's ASAN needs __asan_init_v1 (and friends) [1] in shared libraries which I consider to be part of the ABI between shared libraries and executables. If we accept that reasinging, the ABI is different a little. If we don't, then the ABI is the same. If we accept that the ABI is different, there still is a problem, namely that the ABI is not stable and this practically prevents making the port an official one in Debian. > >> I think LLVM/Clang's ASan implementation does (for Feature: "symbol size >> changing for global variables" on >> https://github.com/google/sanitizers/wiki/AddressSanitizerClangVsGCC) >> but couldn't confirm if that is the case with GCC (which seems to not >> implement that particular feature, at least). > > I think the problem Bálint described with ASAN was something else, > but TBH I cannot remember what was it. In any case I've found the > documentation about the various *SAN very lacking. :( And this specific > part was not covered at all when I looked at the time. > >> If there's no ABI change, creation of a new arch and gnuhardened*-*-* >> triplet wouldn't be needed; hardened packages would be co-installable >> with official ones without using multi-arch; and perhaps all that is >> needed is a separate archive suite, to achieve what was suggested on >> http://balintreczey.hu/blog/proposing-amd64-hardened-architecture-for-debian/ >> >> (Or, packages in the main archive could enable those hardening options?). > > Exactly my thoughts, and what I also told Bálint at the time. ASAN executable would crash with non-ASAN shared lib with only a separate archive. Multiarch would take care of installing the right libs for ASAN executables. Cheers, Balint > > Thanks, > Guillem [1] http://tsdgeos.blogspot.hu/2014/03/asan-and-libraries.html
