Hi, Joey, thanks! The detail is here (should be included in my original post):
https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit?hl=en_US -Han On Tue, Nov 29, 2011 at 10:44 PM, Ye Joey <joey.ye...@gmail.com> wrote: > On Wed, Nov 30, 2011 at 7:53 AM, Han Shen(沈涵) <shen...@google.com> wrote: >> Hi, I propose to add to gcc a new option regarding stack protector - >> "-fstack-protector-strong", in addition to current gcc's >> "-fstack-protector-all", which protects ALL functions, and >> "-fstack-protector", which protects functions that have a big >> (signed/unsigned) char array or have alloca called. >> >> Background - some times stack-protector is too-simple while >> stack-protector-all over-kills, for example, to build one of our core >> systems, we forcibly add "-fstack-protector-all" to all compile >> commands, which brings big performance penalty (due to extra stack >> guard/check insns on function prologue and epilogue) on both atom and >> arm. To use "-fstack-protector" is just regarded as not secure enough >> (only "protects" <2% functions) by the system secure team. So I'd like >> to add the option "-fstack-protector-strong", that hits the balance >> between "-fstack-protector" and "-fstack-protector-all". > Any further detail about when the proposed -strong will protect stack? > If the new criteria is general secure principles, maybe you can just > enhance -fstack-prtector instead of introducing new option. > > Thanks - Joey >
