| 1 |
On 01/19/2015 03:27 PM, Michael Cook wrote: |
| 2 |
> On 01/19/2015 06:09 PM, walt wrote: |
| 3 |
>> gcc-4.9.2 surprised me by landing on ~amd64 today, and I'm still |
| 4 |
>> very vague about the status of stack protection on gentoo. |
| 5 |
>> |
| 6 |
>> I seem to recall reading (somewhere) that gcc-4.9.x is needed for |
| 7 |
>> compiling the kernel with CONFIG_CC_STACK_PROTECTOR_STRONG so I've |
| 8 |
>> never tried it until today. |
| 9 |
>> |
| 10 |
>> Is my recollection accurate? Does gcc-4.9.x include more/different |
| 11 |
>> support than gcc-4.8.x for stack protection? |
| 12 |
>> |
| 13 |
>> Anyway, so far, so good. I recompiled and rebooted kernel 3.14.29 |
| 14 |
>> with strong stack protection enabled and all seems good. (Uptime is |
| 15 |
>> 20 minutes and counting ;) |
| 16 |
>> |
| 17 |
>> |
| 18 |
>> |
| 19 |
> Yep, they added another stack protector option. Basically it offers |
| 20 |
> better security than compiling with -fstack-protector and less |
| 21 |
> overkill than compiling with -fstack-protector-all. |
| 22 |
> |
| 23 |
> Read more http://lwn.net/Articles/584225/ (it is GCC 4.9+) |
| 24 |
|
| 25 |
Excellent article, thanks for the link. |
| 26 |
|
| 27 |
Maybe you can un-confuse me about the "libssp" useflag? Some googling |
| 28 |
has made me think that the gcc package *can* install libssp, but my |
| 29 |
gcc-4.9.2 is built with the --disable-libssp flag, which (maybe?) |
| 30 |
prevents the installation of libssp? (I definitely don't have libssp.) |
| 31 |
|
| 32 |
Who might want to use libssp, and why might I want to avoid it? |
| 33 |
|
| 34 |
Thanks for any clues. |
Archives