Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Sun, 12 Feb 2012 21:58:52 +0400
From: Vasiliy Kulikov <>
Subject: Re: -fstack-protector-all and -lssp


On Sun, Feb 05, 2012 at 13:25 +0400, Solar Designer wrote:
> > 
> > For (6) and (4) we need glibc update first.  AFAIU, (5) needs modern
> > glibc too.
> > 
> > As Solar said, we're able to use -fstack-protector somehow
> > without glibc, but not to do double work, just enable it with modern
> > glibc.
> I am not sure which is best - do it now or after glibc update.

Nevertheless, I'll enable -fstack-protector _after_ glibc update.  The
documentation about -fstack-protector, libssp, libssp_nonshared, pie is
not very clear for me.  All compilation and usage samples I found are
about modern glibc.  Enabling -fstack-protector-all by default without
glibc's support of SSP needs additional changes of gcc's spec
definitions (in gcc/gcc.c), which are poorly documented.  I really don't
see any profit of pre-glibc update SSP enabling.  It's better to handle
in parallel with _FORTIFY_SOURCES.


