On 01/19/2015 03:27 PM, Michael Cook wrote:
> On 01/19/2015 06:09 PM, walt wrote:
>> gcc-4.9.2 surprised me by landing on ~amd64 today, and I'm still
>> very vague about the status of stack protection on gentoo.
>>
>> I seem to recall reading (somewhere) that gcc-4.9.x is needed for
>> compiling the kernel with CONFIG_CC_STACK_PROTECTOR_STRONG so I've
>> never tried it until today.
>>
>> Is my recollection accurate? Does gcc-4.9.x include more/different
>> support than gcc-4.8.x for stack protection?
>>
>> Anyway, so far, so good. I recompiled and rebooted kernel 3.14.29
>> with strong stack protection enabled and all seems good. (Uptime is
>> 20 minutes and counting ;)
>>
>>
>>
> Yep, they added another stack protector option. Basically it offers
> better security than compiling with -fstack-protector and less
> overkill than compiling with -fstack-protector-all.
>
> Read more http://lwn.net/Articles/584225/ (it is GCC 4.9+)

Excellent article, thanks for the link.

Maybe you can un-confuse me about the "libssp" useflag? Some googling
has made me think that the gcc package *can* install libssp, but my
gcc-4.9.2 is built with the --disable-libssp flag, which (maybe?)
prevents the installation of libssp? (I definitely don't have libssp.)

Who might want to use libssp, and why might I want to avoid it?

Thanks for any clues.