Date: Sat, 19 Nov 2011 12:47:10 +0100 From: Dimitry Andric <dim@FreeBSD.org> To: Alexander Best <arundel@freebsd.org> Cc: freebsd-toolchain@freebsd.org Subject: Re: -fstack-protector vs. -fstack-protector-all Message-ID: <4EC7973E.9010108@FreeBSD.org> In-Reply-To: <20111118143735.GA46352@freebsd.org> References: <20111118143735.GA46352@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2011-11-18 15:37, Alexander Best wrote:
> what are the reasons for using -fstack-protector instead of
> -fstack-protector-all in sys/conf/kern.mk?
My guess would be one or more of the following:
- The price in performance is too high
- The gain in security is too low
- Some routines in the kernel are run before the whole stack protection
infrastructure is in place, ergo they can't have stack protection
- There might be other problems with -fstack-protector-all,
lib/libc/Makefile says:
# XXX For now, we don't allow libc to be compiled with
# -fstack-protector-all because it breaks rtld. We may want to make a librtld
# in the future to circumvent this.
SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EC7973E.9010108>