| 1 |
On 01/19/2015 06:09 PM, walt wrote: |
| 2 |
> gcc-4.9.2 surprised me by landing on ~amd64 today, and I'm still very vague |
| 3 |
> about the status of stack protection on gentoo. |
| 4 |
> |
| 5 |
> I seem to recall reading (somewhere) that gcc-4.9.x is needed for compiling |
| 6 |
> the kernel with CONFIG_CC_STACK_PROTECTOR_STRONG so I've never tried it until |
| 7 |
> today. |
| 8 |
> |
| 9 |
> Is my recollection accurate? Does gcc-4.9.x include more/different support |
| 10 |
> than gcc-4.8.x for stack protection? |
| 11 |
> |
| 12 |
> Anyway, so far, so good. I recompiled and rebooted kernel 3.14.29 with strong |
| 13 |
> stack protection enabled and all seems good. (Uptime is 20 minutes and counting ;) |
| 14 |
> |
| 15 |
> |
| 16 |
> |
| 17 |
Yep, they added another stack protector option. Basically it offers |
| 18 |
better security than compiling with -fstack-protector and less overkill |
| 19 |
than compiling with -fstack-protector-all. |
| 20 |
|
| 21 |
Read more http://lwn.net/Articles/584225/ (it is GCC 4.9+) |
Archives