1 |
Rich Freeman <rich0 <at> gentoo.org> writes: |
2 |
|
3 |
|
4 |
> > '-fstack-protector-strong' is supported as of gcc-4.9.x - unless you |
5 |
> > upgrade, you'll forced to use the regular one. |
6 |
|
7 |
> > I think it's not even that unlikely that you don't even want the strong |
8 |
> > version. |
9 |
|
10 |
> Ironically enough, your last sentence overflowed my parsing stack. :) |
11 |
|
12 |
|
13 |
From: https://securityblog.redhat.com/tag/stack-protector/ |
14 |
"The GCC flags -fstack-protector and -fstack-protector-all activate the |
15 |
Stack Smashing Protector (SSP). When any of these flags are used, GCC |
16 |
instruments the function return instruction with a probabilistic check that |
17 |
the stack frame is not corrupted. " |
18 |
|
19 |
From: |
20 |
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ |
21 |
|
22 |
"The stack protector feature itself adds a known canary to the stack during |
23 |
function preamble, and checks it when the function returns. " |
24 |
|
25 |
Bug 517428 was/is a request to setup Ftrace/trace-cmd/KernelShark |
26 |
as a fine-grained tool, for such issuses as fstack-protector events. |
27 |
|
28 |
As we all know, I'm still struggling with learning the ebuild_gymnasitcs, |
29 |
but bug 517428 is looking(begging) for a knowledgable person to get an |
30 |
Ftrace/trace-cmd/kernelshark ebuild working. This will provide a |
31 |
fantastic tool for low-level as well as application code diagnostics. |
32 |
|
33 |
|
34 |
:) |
35 |
hth, |
36 |
James |
37 |
|
38 |
[1] http://en.wikipedia.org/wiki/Ftrace |