1 |
thanks for this... my amd64 doesn't seem to have used -fstack-protector |
2 |
|
3 |
cephas ~ # nm /bin/kill |grep __stack_smash_handler |
4 |
nm: /bin/kill: no symbols |
5 |
|
6 |
cephas ~ # nm /bin/kill |grep __guard |
7 |
nm: /bin/kill: no symbols |
8 |
|
9 |
is it something that I have to specify in my CFLAGS? |
10 |
|
11 |
ie: CFLAGS="-O2 -march=opteron -pipe -fomit-frame-pointer |
12 |
-fstack-protector" ? |
13 |
|
14 |
I *though* it was already included in gcc 3.4 for opterons.. |
15 |
|
16 |
ta |
17 |
|
18 |
Kevin F. Quinn wrote: |
19 |
|
20 |
>Mike Frysinger wrote: |
21 |
> |
22 |
> |
23 |
>>On Wednesday 11 May 2005 08:04 am, Rob Holland wrote: |
24 |
>> |
25 |
>> |
26 |
>>>On Wed, May 11, 2005 at 10:51:18AM +0100, Pedro Venda wrote: |
27 |
>>> |
28 |
>>> |
29 |
>>>>I'm left with a doubt: how to find out if some binary was compiled |
30 |
>>>>with -fstack-protector gcc option? |
31 |
>>>> |
32 |
>>>> |
33 |
>>>I think: nm /bin/foo|grep guard |
34 |
>>>should tell you, if you see a guard symbol, it has ssp. |
35 |
>>> |
36 |
>>> |
37 |
>>nm doesnt always worked (it'll fail on stripped binaries), but `readelf > -s foo | grep guard` should work fine |
38 |
>> |
39 |
>> |
40 |
> |
41 |
>'__guard' would be better than 'guard', to avoid false positives. Personally I use '__stack_smash_handler' |
42 |
> |
43 |
>Kev. |
44 |
> |
45 |
> |
46 |
> |
47 |
> |
48 |
> |
49 |
> |
50 |
-- |
51 |
gentoo-hardened@g.o mailing list |