| 1 |
Rich Freeman <rich0 <at> gentoo.org> writes: |
| 2 |
|
| 3 |
|
| 4 |
> > '-fstack-protector-strong' is supported as of gcc-4.9.x - unless you |
| 5 |
> > upgrade, you'll forced to use the regular one. |
| 6 |
|
| 7 |
> > I think it's not even that unlikely that you don't even want the strong |
| 8 |
> > version. |
| 9 |
|
| 10 |
> Ironically enough, your last sentence overflowed my parsing stack. :) |
| 11 |
|
| 12 |
|
| 13 |
From: https://securityblog.redhat.com/tag/stack-protector/ |
| 14 |
"The GCC flags -fstack-protector and -fstack-protector-all activate the |
| 15 |
Stack Smashing Protector (SSP). When any of these flags are used, GCC |
| 16 |
instruments the function return instruction with a probabilistic check that |
| 17 |
the stack frame is not corrupted. " |
| 18 |
|
| 19 |
From: |
| 20 |
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ |
| 21 |
|
| 22 |
"The stack protector feature itself adds a known canary to the stack during |
| 23 |
function preamble, and checks it when the function returns. " |
| 24 |
|
| 25 |
Bug 517428 was/is a request to setup Ftrace/trace-cmd/KernelShark |
| 26 |
as a fine-grained tool, for such issuses as fstack-protector events. |
| 27 |
|
| 28 |
As we all know, I'm still struggling with learning the ebuild_gymnasitcs, |
| 29 |
but bug 517428 is looking(begging) for a knowledgable person to get an |
| 30 |
Ftrace/trace-cmd/kernelshark ebuild working. This will provide a |
| 31 |
fantastic tool for low-level as well as application code diagnostics. |
| 32 |
|
| 33 |
|
| 34 |
:) |
| 35 |
hth, |
| 36 |
James |
| 37 |
|
| 38 |
[1] http://en.wikipedia.org/wiki/Ftrace |
Archives