From: | Ryan Hill <rhill@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Cc: | pr@g.o | ||
Subject: | [gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector | ||
Date: | Wed, 11 Jun 2014 03:48:23 | ||
Message-Id: | 20140610214750.11e599b3@caribou.gateway.pace.com | ||
In Reply to: | [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector by Ryan Hill |
v2: Restrict by arch
--

Title: GCC 4.8.3 defaults to -fstack-protector
Author: Ryan Hill <rhill@g.o>
Content-Type: text/plain
Posted: 2014-06-10
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-4.8.3
Display-If-Keyword: amd64
Display-If-Keyword: arm
Display-If-Keyword: mips
Display-If-Keyword: ppc
Display-If-Keyword: ppc64
Display-If-Keyword: x86

Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
enabled by default. The 4.8 series will enable -fstack-protector
while 4.9 and later enable -fstack-protector-strong.

SSP is a security feature that attempts to mitigate stack-based buffer
overflows by placing a canary value on the stack after the function
return pointer and checking for that value before the function returns.
If a buffer overflow occurs and the canary value is overwritten, the
program aborts.

There is a small performance cost to these features. They can be
disabled with -fno-stack-protector.

For more information on these options, refer to the GCC Manual, or the
following articles.

http://en.wikipedia.org/wiki/Buffer_overflow_protection
http://en.wikipedia.org/wiki/Stack_buffer_overflow
https://securityblog.redhat.com/tag/stack-protector
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong


--
Ryan Hill psn: dirtyepic_sk
gcc-porting/toolchain/wxwidgets @ gentoo.org

47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
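
A small C model of the canary check the news item describes, added here as an illustration; it is not part of the original message and not GCC's implementation. The `struct frame` layout, the `GUARD` value, the `RET` address and `guarded_copy()` are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: local buffer at the lowest address,
 * then the guard word, then the saved return address. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

/* Stand-in for the random guard value the runtime picks at process start. */
static const uintptr_t GUARD = (uintptr_t)0x5a17c0de00ff0a00ULL;
static const uintptr_t RET   = (uintptr_t)0x401000; /* constructed address */

enum { FRAME_OK = 0, FRAME_SMASHED = 1 };

/* Copies len bytes to the start of buf without a bounds check (the bug),
 * then runs the epilogue check. saved_ret is handed back only if the guard
 * is intact; real SSP calls __stack_chk_fail() and aborts instead. */
int guarded_copy(const void *src, size_t len, uintptr_t *ret_out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = GUARD;                       /* prologue: store the guard */
    f.saved_ret = RET;

    if (len > sizeof f)
        len = sizeof f;                     /* keep the model inside the struct */
    memcpy((unsigned char *)&f, src, len);  /* write runs upward from buf */

    if (f.canary != GUARD)                  /* epilogue: compare the guard */
        return FRAME_SMASHED;
    *ret_out = f.saved_ret;
    return FRAME_OK;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    uintptr_t ret = 0;
    memset(in, 'A', sizeof in);
    printf("16 bytes: %d\n", guarded_copy(in, 16, &ret));
    printf("17 bytes: %d\n", guarded_copy(in, 17, &ret));
    printf("whole frame: %d\n", guarded_copy(in, sizeof in, &ret));
    return 0;
}
```

A write that stays inside the 16-byte buffer passes the check; one byte past it already changes the guard word, so the function reports the frame as smashed before the saved return address is used.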
Subject | Author |
---|---|
Re: [gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector | Jeroen Roovers <jer@g.o> |