Date: Sun, 12 Feb 2012 21:58:52 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: -fstack-protector-all and -lssp Solar, On Sun, Feb 05, 2012 at 13:25 +0400, Solar Designer wrote: > > 6) -D_FORTIFY_SOURCE=2 > > > > For (6) and (4) we need glibc update first. AFAIU, (5) needs modern > > glibc too. > > > > As Solar said, we're able to use -fstack-protector somehow > > without glibc, but not to do double work, just enable it with modern > > glibc. > > I am not sure which is best - do it now or after glibc update. Nevertheless, I'll enable -fstack-protector _after_ glibc update. The documentation about -fstack-protector, libssp, libssp_nonshared, pie is not very clear for me. All compilation and usage samples I found are about modern glibc. Enabling -fstack-protector-all by default without glibc's support of SSP needs additional changes of gcc's spec definitions (in gcc/gcc.c), which are poorly documented. I really don't see any profit of pre-glibc update SSP enabling. It's better to handle in parralel with _FORTIFY_SOURCES. Thanks, -- Vasiliy
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.