Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Feb 2012 22:46:45 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: -fstack-protector-all and -lssp

On Sun, Feb 12, 2012 at 09:58:52PM +0400, Vasiliy Kulikov wrote:
> Nevertheless, I'll enable -fstack-protector _after_ glibc update.  The
> documentation about -fstack-protector, libssp, libssp_nonshared, pie is
> not very clear for me.  All compilation and usage samples I found are
> about modern glibc.  Enabling -fstack-protector-all by default without
> glibc's support of SSP needs additional changes of gcc's spec
> definitions (in gcc/gcc.c), which are poorly documented.  I really don't
> see any profit of pre-glibc update SSP enabling.  It's better to handle
> in parralel with _FORTIFY_SOURCES.

OK.

BTW, the plan is to enable only -fstack-protector
--param=ssp-buffer-size=2 by default, not -fstack-protector-all.
I don't know why you mention the latter here.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ