Gentoo Archives: gentoo-dev

From:	Ryan Hill <rhill@g.o>
To:	gentoo-dev@g.o, gentoo-dev-announce@g.o, pr@g.o
Subject:	[gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector
Date:	Tue, 10 Jun 2014 00:16:18
Message-Id:	`20140609181602.7e843747@caribou.gateway.pace.com`

1	Title: GCC 4.8.3 defaults to -fstack-protector
2	Author: Ryan Hill <rhill@g.o>
3	Content-Type: text/plain
4	Posted: 2014-06-10
5	Revision: 1
6	News-Item-Format: 1.0
7	Display-If-Installed: >=sys-devel/gcc-4.8.3
8
9	Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
10	enabled by default. The 4.8 series will enable -fstack-protector
11	while 4.9 and later enable -fstack-protector-strong.
12
13	SSP is a security feature that attempts to mitigate stack-based buffer
14	overflows by placing a canary value on the stack after the function
15	return pointer and checking for that value before the function returns.
16	If a buffer overflow occurs and the canary value is overwritten, the
17	program aborts.
18
19	There is a small performance cost to these features. They can be
20	disabled with -fno-stack-protector.
21
22	For more information these options, refer to the GCC Manual, or the
23	following articles.
24
25	http://en.wikipedia.org/wiki/Buffer_overflow_protection
26	http://en.wikipedia.org/wiki/Stack_buffer_overflow
27	https://securityblog.redhat.com/tag/stack-protector
28	http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong
29
30
31	--
32	Ryan Hill psn: dirtyepic_sk
33	gcc-porting/toolchain/wxwidgets @ gentoo.org
34
35	47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463

File name	MIME type
signature.asc	application/pgp-signature

Subject	Author
Re: [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector	Jeroen Roovers <jer@g.o>
[gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector	Ryan Hill <rhill@g.o>