| 1 |
Francisco Blas Izquierdo Riera (klondike) wrote: |
| 2 |
> El 23/10/11 05:56, Steven J Long escribió: |
| 3 |
>> Will we be able to switch off SSP via config, or will we have to setup |
| 4 |
>> our own profile? |
| 5 |
> This should do the trick: |
| 6 |
> CFLAGS=$CFLAGS -fno-stack-protector |
| 7 |
|
| 8 |
Well, with quotes ;) but yeah that's what I was after; just something I |
| 9 |
can add somewhere in make.conf. |
| 10 |
|
| 11 |
Paweł Hajdan, Jr. wrote: |
| 12 |
> In my proposal the SSP would be off by default on non-hardened profiles, |
| 13 |
> at least initially. At any time I'd like it to be switchable via |
| 14 |
> gcc-config, as it currently is on hardened. |
| 15 |
|
| 16 |
That sounds good too; I'll use the default and then add -fstack-protector |
| 17 |
to package.env should I ever want to compile a package like that. (In case |
| 18 |
it sounds like I don't care about security, it's just that I don't like |
| 19 |
stack canaries, and feel address-space randomization via -fPIE will make |
| 20 |
the classic return-address subversion pretty difficult. Of course I might |
| 21 |
be missing something again, but I'm not administering a server.) |
| 22 |
|
| 23 |
Thanks for your replies, and all the hard work you do. |
| 24 |
Regards, |
| 25 |
igli. |
| 26 |
-- |
| 27 |
#friendly-coders -- We're friendly, but we're not /that/ friendly ;-) |
Archives