[gdal-dev] gdal with stack smash protection

Kurt Schwehr schwehr at gmail.com
Fri Apr 8 09:13:46 PDT 2022 

I have can confirm that most vanilla hardening available with llvm works
for the core of gdal at around version 2.4.   Can't speak for most drivers
or newer versions, but I would guess that the core is fine with hardening
for newer versions.

Note: binary add-ons are not likely to play well.

On Fri, Apr 8, 2022, 6:51 AM Greg Troxel <gdt at lexort.com> wrote:

>
> Kavitha K <kmskavi at gmail.com> writes:
>
> > I m looking for gdal with build support - stack smash protection
> >
> > please confirm whether it is supported with stack smash protection
> >
> > if yes, which version is supported?
>
> This is the dev list, so I'm assuming
>
>   - you are already comfortable building gdal
>   - you have already run the tests on your own builds
>   - you intend to try to build and use a version with hardening features
>     enabled
>   - you realize that you should rerun the tests with the new build
>
> but that beyond that you wonder if there is experience that would
> suggest you shouldn't try because it's known to fail or that even if
> builds work and tests pass it will be trouble in practice.
>
>
> I maintain gdal in pkgsrc, and I just checked that gdal has no hardening
> annotations, which means it's getting
>
>   Fortify
>   SSP at the "strong" level
>   RELO at the partial level
>   building PIE
>
>   (details at http://www.netbsd.org/docs/pkgsrc/hardening.html)
>
> and with this I don't see test issues that I attribute to this, and I
> actually use gdal including with qgis (all on NetBSD 9 amd64) and see no
> issues.
>
> I am pretty sure if gdal works without SSP and fails with that this
> would be viewed as a bug by the gdal community, but my guess is you
> won't find that, because I haven't, and probably any such issues have
> been long fixed.
>
> Greg
> _______________________________________________
> gdal-dev mailing list
> gdal-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/gdal-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20220408/c40bff23/attachment.html>

More information about the gdal-dev mailing list