On Wed, Nov 30, 2011 at 7:53 AM, Han Shen(沈涵) <shen...@google.com> wrote: > Hi, I propose to add to gcc a new option regarding stack protector - > "-fstack-protector-strong", in addition to current gcc's > "-fstack-protector-all", which protects ALL functions, and > "-fstack-protector", which protects functions that have a big > (signed/unsigned) char array or have alloca called. > > Background - some times stack-protector is too-simple while > stack-protector-all over-kills, for example, to build one of our core > systems, we forcibly add "-fstack-protector-all" to all compile > commands, which brings big performance penalty (due to extra stack > guard/check insns on function prologue and epilogue) on both atom and > arm. To use "-fstack-protector" is just regarded as not secure enough > (only "protects" <2% functions) by the system secure team. So I'd like > to add the option "-fstack-protector-strong", that hits the balance > between "-fstack-protector" and "-fstack-protector-all". Any further detail about when the proposed -strong will protect stack? If the new criteria is general secure principles, maybe you can just enhance -fstack-prtector instead of introducing new option.
Thanks - Joey
