14

How to enable Stack Smashing Protection in pure swift application?

I did try to put "-fstack-protector-all" flag to Other C++ Flags under project build settings tab in xCode, but is seems that, this flag is unused or have no impact on builded application.

To verifie build I'm using otool -Iv AppBinary | grep stack.

Daniel Sumara
  • 2,234
  • 20
  • 25
  • Did you got the answer to this question – nkp Apr 12 '17 at 13:42
  • No. I haven't. To fulfill client requirements I added UIView as Objective-C class. This create umbrella headers to objective-c and project was compiled as mixed Swift-Obj-c project (not pure swift project). This view wasn't used any ware... It just was. – Daniel Sumara Apr 12 '17 at 13:49
  • Thanks for your input... – nkp Apr 14 '17 at 05:02
  • Check my answer, hope it may help – Joe Apr 29 '17 at 04:02
  • I did the same as you - a C-flag setting. I used radare2's toolset to verify if it was enabled. `rabin2 -I | grep -E 'pic|bits|arch|canary'` btw - when I wrote a small C app to prove this was working, I had created only one Struct. This had NO char arrays inside. In this case, you see zero stack guard code in the asm code even if Smashing Smashing is enabled. – rustyMagnet Aug 28 '18 at 07:43
  • @rustyMagnet can you or (anyone else) provide instructions or a link to a proj that will cause this flag to work? I have tried it on a brand new swift app using XCode template, adding objc file and bridging header and still doesnt produce the protector flag in binary – stonedauwg Mar 19 '19 at 12:52

3 Answers3

13

In Swift, Stack smashing is enabled by default one only need to add the "-fstack-protector-all" flag under build settings in objective-c applications.

How to check if stack smashing is enabled. Run the otool command and presence of stack_chk_guard and stack_chk_fail means the code is stack smashing protected.

$ otool -Iv <appname>|grep stack
0x0013dfg   520 ___stack_chk_fail
0x001d009   521 ___stack_chk_guard
0x001fd345   520 ___stack_chk_fail
0x000000010087efd   513 ___stack_chk_fail
0x0000000100098hf3 514 ___stack_chk_guard
0x00000001000897gfr   513 ___stack_chk_fail
Joe
  • 3,774
  • 1
  • 17
  • 25
  • 1
    i exported ipa using adhoc signing. I grab the binary in it. I ran otool and the result nicely showed. But this not happens for ipa using appstore signing. Is it normal? – axunic Sep 10 '18 at 14:11
  • 4
    Exactly where in build settings we have to set "-fstack-protector-all" – Madan Mohan Nov 21 '18 at 13:29
  • 1
    Not seeing it enabled by default. Created the Single View template app in XCode, built and exported ad hoc and no stack protector flag was there – stonedauwg Mar 19 '19 at 12:49
5

I was also facing this in my 100% Swift project.

Whenever I added -fstack-protector-all to the "Other C-Flags" Build Settings the flags did not show up in the binary as described in the other comments.

enter image description here

What I did was to create an Objective-C Class…

// DummyClassForSSP.h
#import <Foundation/Foundation.h>

NS_ASSUME_NONNULL_BEGIN

@interface DummyClassForSSP : NSObject
+ (void)dummyCallSoFlagsShowUpInIPA;
@end

NS_ASSUME_NONNULL_END

… added a dummy implementation …

// DummyClassForSSP.m
#import "DummyClassForSSP.h"

@implementation DummyClassForSSP

+ (void)dummyCallSoFlagsShowUpInIPA {}

@end

… and called it from my AppDelegate.

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
....
DummyClassForSSP.dummyCallSoFlagsShowUpInIPA()
...
}

After that the flags showed up as described.

btype
  • 1,593
  • 19
  • 32
  • This solution worked for me as well but I have one question why Objective-C Class required here and why it is not working without Objective-C Class? – Prema Janoti Dec 29 '20 at 10:32
0

A bit late to the party but as it might be helpful for other's seeking advice: Joe's answer is not correct. -fstack-protector-all is a flag on the GCC compiler. (Documentation here: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html)

For swift applications, the GCC compiler is not involved here. Instead it's the swiftc compiler with different options and settings. Alas, I don't know of comparable options for the latter one.

Adding an objective-c class to the project as @btype suggests, is not helping your swift sourcecode, as it only affects the Obj-C and C code. But if you use 3rd party libraries written in Obj-C it's still a valuable setting. But make sure, you set this flag on the right target, if 3rd party libraries are embedded as separate targets.

Cheers, Chris

Chris
  • 21
  • 1
  • "you set this flag on the right target" what is the flag you are taking about ? And where we need to set the flag ? Please explain bit detail & screen shots improve the answer to get more upvotes – Arshad Shaik Dec 24 '20 at 10:43
  • @ArshadShaik did you got the solution where we need to set the flag. – Rahul Gupta Sep 22 '21 at 05:53