Package: libc6
Version: 2.42-13

My understanding is that dpkg-buildflags defaults include
-fstack-clash-protection (see
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=11efff1bf), but
somehow Debian's glibc appears to not be built with
-fstack-clash-protection; there are unprotected large stack
allocations in functions like ____strtold_l_internal,
____strtof128_l_internal, tempnam, tmpfile64, and more:

$ wget http://ftp.ch.debian.org/debian/pool/main/g/glibc/libc6_2.42-13_amd64.deb
[...]
$ ar x libc6_2.42-13_amd64.deb
$ tar xf data.tar.xz
$ objdump -d usr/lib/x86_64-linux-gnu/libc.so.6 | egrep 'sub *\$0x.{4,},%rsp' | grep -v 0xffffff
   51763:       48 81 ec 48 36 00 00    sub    $0x3648,%rsp
   573c2:       48 81 ec 88 36 00 00    sub    $0x3688,%rsp
   611ca:       48 81 ec 10 10 00 00    sub    $0x1010,%rsp
   617a3:       48 81 ec 28 10 00 00    sub    $0x1028,%rsp
   a14f1:       48 81 ec b8 11 00 00    sub    $0x11b8,%rsp
   adeef:       48 81 ec 10 40 00 00    sub    $0x4010,%rsp
   adf11:       48 81 ec 10 10 00 00    sub    $0x1010,%rsp
   c8de0:       48 81 ec 58 36 00 00    sub    $0x3658,%rsp
   cb762:       48 81 ec 10 40 00 00    sub    $0x4010,%rsp
   cb775:       48 81 ec 10 10 00 00    sub    $0x1010,%rsp
   cde80:       48 81 ec 88 36 00 00    sub    $0x3688,%rsp
   e21ed:       48 81 ec d8 28 00 00    sub    $0x28d8,%rsp
   ea72d:       48 81 ec a8 15 00 00    sub    $0x15a8,%rsp
   f395e:       48 81 ec c8 48 00 00    sub    $0x48c8,%rsp
  106762:       48 81 ec 18 10 00 00    sub    $0x1018,%rsp
  10b160:       48 81 ec 18 10 00 00    sub    $0x1018,%rsp
  126a0b:       48 81 ec 00 10 00 00    sub    $0x1000,%rsp
  12d2ca:       48 81 ec 18 20 00 00    sub    $0x2018,%rsp
  14fb59:       48 81 ec c8 29 00 00    sub    $0x29c8,%rsp
  150d76:       48 81 ec 88 22 00 00    sub    $0x2288,%rsp
  161fee:       48 81 ec c0 11 00 00    sub    $0x11c0,%rsp
  162530:       48 81 ec 48 10 00 00    sub    $0x1048,%rsp

Since glibc does not have stack clash protection, the stack clash
protection of any software that calls glibc functions with large stack
frames is also less effective.
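An added check, not part of this report, that does in Python what the objdump pipeline above does with grep: it parses `objdump -d` output, keeps `sub $imm,%rsp` sites of at least one page (dropping objdump's sign-extended negative immediates, which the `grep -v 0xffffff` above filters out), and flags those not followed by the `orq $0x0,(%rsp)` probe GCC emits under -fstack-clash-protection. The sample disassembly is constructed, and the three-instruction probe window is a heuristic assumption, not a GCC guarantee.

```python
import re
import sys
from typing import Dict, List

# One objdump -d line, e.g.
#    51763:       48 81 ec 48 36 00 00    sub    $0x3648,%rsp
SUB_RSP = re.compile(
    r"^\s*([0-9a-f]+):\s+(?:[0-9a-f]{2}\s)+\s*sub\s+\$0x([0-9a-f]+),%rsp\s*$")
# The probe GCC emits for -fstack-clash-protection on x86-64.
PROBE = re.compile(r"\borq?\s+\$0x0,\(%rsp\)")
PAGE = 0x1000

def large_unprobed_frames(disasm: str, window: int = 3) -> List[Dict[str, int]]:
    """Return every `sub $imm,%rsp` site with imm >= PAGE that has no
    `orq $0x0,(%rsp)` probe within the next `window` instructions.
    The window size is a heuristic assumption, not a GCC guarantee."""
    lines = disasm.splitlines()
    hits: List[Dict[str, int]] = []
    for i, line in enumerate(lines):
        m = SUB_RSP.match(line)
        if not m:
            continue
        imm = int(m.group(2), 16)
        # A negative imm32 is printed sign-extended (0xffffffffffffff80); it
        # releases stack rather than growing it, like the report's grep -v case.
        if imm >= 1 << 63 or imm < PAGE:
            continue
        if not any(PROBE.search(nxt) for nxt in lines[i + 1:i + 1 + window]):
            hits.append({"addr": int(m.group(1), 16), "size": imm})
    return hits

# Constructed sample: one unprobed 0x3648-byte frame (as in the report), one
# small frame, one negative immediate, and one frame grown page by page with probes.
SAMPLE = """\
   51763:       48 81 ec 48 36 00 00    sub    $0x3648,%rsp
   5176a:       48 89 e7                mov    %rsp,%rdi
   60000:       48 83 ec 28             sub    $0x28,%rsp
   60004:       48 83 ec 80             sub    $0xffffffffffffff80,%rsp
   70000:       48 81 ec 00 10 00 00    sub    $0x1000,%rsp
   70007:       48 83 0c 24 00          orq    $0x0,(%rsp)
   7000c:       48 81 ec 00 10 00 00    sub    $0x1000,%rsp
   70013:       48 83 0c 24 00          orq    $0x0,(%rsp)
   70018:       48 81 ec 48 06 00 00    sub    $0x648,%rsp
"""
if __name__ == "__main__":
    # Usage: objdump -d libc.so.6 | python3 this_script.py  (falls back to SAMPLE)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for hit in large_unprobed_frames(text):
        print(f"{hit['addr']:x}: unprobed frame of {hit['size']:#x} bytes")
```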

Can you please also build glibc with -fstack-clash-protection?
