| 1 |
> |
| 2 |
> Lastly, this in /etc/sysctl.conf. SYN cookies is kernel option. The fin |
| 3 |
> timeout cut was to clear out tens of thousands of TIME_WAIT sessions. |
| 4 |
> net.ipv4.tcp_fin_timeout = 20 |
| 5 |
> net.ipv4.tcp_syncookies = 1 |
| 6 |
> |
| 7 |
|
| 8 |
Oh I just noticed that vtv is now default enabled for gcc, so you could try; |
| 9 |
CXXFLAGS="${CFLAGS} -fvtable-verify=std" |
| 10 |
|
| 11 |
I tried this on earlier gccs, and there was a fair bit of breakage so i |
| 12 |
didnt persue it. Maybe i'll re-try with 7.2 to see how things have |
| 13 |
progressed. |
| 14 |
|
| 15 |
"security feature that verifies at run time, for every virtual call, that |
| 16 |
the vtable |
| 17 |
pointer through which the call is made is valid for the type of |
| 18 |
the |
| 19 |
object, and has not been corrupted or overwritten. If an invalid |
| 20 |
vtable pointer is detected at run time, an error is reported and |
| 21 |
execution of the program is immediately halted" |
Archives