[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120212175852.GA11392@albatros>
Date: Sun, 12 Feb 2012 21:58:52 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: -fstack-protector-all and -lssp
Solar,
On Sun, Feb 05, 2012 at 13:25 +0400, Solar Designer wrote:
> > 6) -D_FORTIFY_SOURCE=2
> >
> > For (6) and (4) we need glibc update first. AFAIU, (5) needs modern
> > glibc too.
> >
> > As Solar said, we're able to use -fstack-protector somehow
> > without glibc, but not to do double work, just enable it with modern
> > glibc.
>
> I am not sure which is best - do it now or after glibc update.
Nevertheless, I'll enable -fstack-protector _after_ glibc update. The
documentation about -fstack-protector, libssp, libssp_nonshared, pie is
not very clear for me. All compilation and usage samples I found are
about modern glibc. Enabling -fstack-protector-all by default without
glibc's support of SSP needs additional changes of gcc's spec
definitions (in gcc/gcc.c), which are poorly documented. I really don't
see any profit of pre-glibc update SSP enabling. It's better to handle
in parralel with _FORTIFY_SOURCES.
Thanks,
--
Vasiliy
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
