On Mon, 26 Oct 2009, Gabor Gombas wrote:
> On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > > uses[2].
> >
> > How do they work? Do they also change the free-standing compiler or only
> > the hosted one? There is a lot of software, which (I would say) misuse
> > the hosted compiler to build non-userspace-code, including the Linux
> > kernel.
>
> It seems the kernel will not be happy if the stack protector is switched
> on unconditionally:
>
> http://osdir.com/ml/linux-kernel/2009-10/msg07064.html

Indeed. The kernel build system needs to be able to command whether
stackprotect is enabled or not without surprises...

I assume very performance-critical applications will also need it disabled,
if they have hot paths where dcache footprint matters. But I think we can
safely assume these will be quite rare, so as long as one can disable the
stackprotector easily enough through CFLAGS, we could just do it on a
case-by-case basis in debian/rules.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh