| 1 |
On 2 Aug 2006 at 0:35, Kevin F. Quinn wrote: |
| 2 |
> I think solar's referring to -fno-stack-protector-all. Not too worried |
| 3 |
> about that myself, I think we can hide the change in semantics in |
| 4 |
> flag-o-matic.eclass - actual ebuild use of -fno-stack-protector-all is |
| 5 |
> rare. |
| 6 |
|
| 7 |
or we could patch that option in, i guess the 4.x version of ssp |
| 8 |
can also be convinced to apply to all functions. |
| 9 |
|
| 10 |
> It's that gcc-4.x doesn't pass the caller information (function name |
| 11 |
> and line number) to _stack_chk_fail. |
| 12 |
|
| 13 |
that too can be patched in, but even without this information it |
| 14 |
is still better than nothing (i guess the assumption was that one |
| 15 |
would get a coredump on abort() and could deduce all that and more |
| 16 |
from there). |
| 17 |
|
| 18 |
> I've been thinking that a PaX-style register, stack and perhaps map dump |
| 19 |
> might be a good idea for development environments at least. |
| 20 |
|
| 21 |
a coredump already has all that info, although it's not as easy to |
| 22 |
make use of as dr watson on windows yet, but that'll change when |
| 23 |
utrace (http://people.redhat.com/roland/utrace/) enters mainline. |
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-hardened@g.o mailing list |
Archives