Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Nov 2014 18:01:40 +0200
From: Timo Teras <>
To: John Spencer <>
Cc:, Gregor Richards <>
Subject: Re: fixing -fPIE + -fstack-protector-all

On Wed, 05 Nov 2014 16:25:03 +0100
John Spencer <> wrote:

> using -fPIE + -fstack-protector-all is currently broken for a number
> of architectures (most notably i386) in the default gcc setup
> (including the musl-cross patches), as it depends on a
> libssp_nonshared.a which provides __stack_chk_fail_local().

In Alpine Linux we are patching gcc to unconditionally to have

And making musl package provide that library:

This is for two reasons:

1. gcc bootstrap is broken if it's to be compiled with
-fstack-protector otherwise

2. Linking without "-fstack-protector" flag with .a or .o files that
have been compiled with SSP would break.

Basically, __stack_chk_fail_local symbol should be provided always.
Agreeably gcc should emit 'hlt' or similar instead of that function
call. Or at least provide implementation for that function with 'once'


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.