Gentoo Archives: gentoo-dev

From: Ryan Hill <rhill@g.o>
To: gentoo-dev@l.g.o
Cc: pr@g.o
Subject: [gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector
Date: Wed, 11 Jun 2014 03:48:23
Message-Id: 20140610214750.11e599b3@caribou.gateway.pace.com
In Reply to: [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector by Ryan Hill
1 v2: Restrict by arch
2 --
3
4 Title: GCC 4.8.3 defaults to -fstack-protector
5 Author: Ryan Hill <rhill@g.o>
6 Content-Type: text/plain
7 Posted: 2014-06-10
8 Revision: 1
9 News-Item-Format: 1.0
10 Display-If-Installed: >=sys-devel/gcc-4.8.3
11 Display-If-Keyword: amd64
12 Display-If-Keyword: arm
13 Display-If-Keyword: mips
14 Display-If-Keyword: ppc
15 Display-If-Keyword: ppc64
16 Display-If-Keyword: x86
17
18 Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
19 enabled by default. The 4.8 series will enable -fstack-protector
20 while 4.9 and later enable -fstack-protector-strong.
21
22 SSP is a security feature that attempts to mitigate stack-based buffer
23 overflows by placing a canary value on the stack after the function
24 return pointer and checking for that value before the function returns.
25 If a buffer overflow occurs and the canary value is overwritten, the
26 program aborts.
27
28 There is a small performance cost to these features. They can be
29 disabled with -fno-stack-protector.
30
31 For more information these options, refer to the GCC Manual, or the
32 following articles.
33
34 http://en.wikipedia.org/wiki/Buffer_overflow_protection
35 http://en.wikipedia.org/wiki/Stack_buffer_overflow
36 https://securityblog.redhat.com/tag/stack-protector
37 http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong
38
39
40 --
41 Ryan Hill psn: dirtyepic_sk
42 gcc-porting/toolchain/wxwidgets @ gentoo.org
43
44 47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies