From: | Ryan Hill <rhill@g.o> |
---|---|
To: | gentoo-dev@g.o, gentoo-dev-announce@g.o, pr@g.o |
Subject: | [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector |
Date: | Tue, 10 Jun 2014 00:16:18 |
Message-Id: | 20140609181602.7e843747@caribou.gateway.pace.com |
1 | Title: GCC 4.8.3 defaults to -fstack-protector |
2 | Author: Ryan Hill <rhill@g.o> |
3 | Content-Type: text/plain |
4 | Posted: 2014-06-10 |
5 | Revision: 1 |
6 | News-Item-Format: 1.0 |
7 | Display-If-Installed: >=sys-devel/gcc-4.8.3 |
8 | |
9 | Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be |
10 | enabled by default. The 4.8 series will enable -fstack-protector |
11 | while 4.9 and later enable -fstack-protector-strong. |
12 | |
13 | SSP is a security feature that attempts to mitigate stack-based buffer |
14 | overflows by placing a canary value on the stack after the function |
15 | return pointer and checking for that value before the function returns. |
16 | If a buffer overflow occurs and the canary value is overwritten, the |
17 | program aborts. |
18 | |
19 | There is a small performance cost to these features. They can be |
20 | disabled with -fno-stack-protector. |
21 | |
22 | For more information these options, refer to the GCC Manual, or the |
23 | following articles. |
24 | |
25 | http://en.wikipedia.org/wiki/Buffer_overflow_protection |
26 | http://en.wikipedia.org/wiki/Stack_buffer_overflow |
27 | https://securityblog.redhat.com/tag/stack-protector |
28 | http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong |
29 | |
30 | |
31 | -- |
32 | Ryan Hill psn: dirtyepic_sk |
33 | gcc-porting/toolchain/wxwidgets @ gentoo.org |
34 | |
35 | 47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463 |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector | Jeroen Roovers <jer@g.o> |
[gentoo-dev] Re: [RFC] News item: GCC 4.8.3 defaults to -fstack-protector | Ryan Hill <rhill@g.o> |