Hi, I'm not claiming that I understand all the issues, but I wonder how that all affects "normal" Gentoo.
Let me summarize my understanding:

* We currently enable -fstack-check=specific on hardened, but not on normal Gentoo.
* -fstack-check provides protection against stack clashes, but it is not ideal / can sometimes be circumvented. However it is expected / hoped that future versions of gcc will improve on that and provide a better implementation.
* According to gcc's man page I understand that -fstack-check=specific is equivalent to -fstack-check and there is also -fstack-check=generic, which is considered deprecated.

There's already work underway to push -pie via a new profile to default gentoo. I wonder: Should -fstack-check be pushed as well?

Open questions I have:

* Are there measurements of the performance overhead of -fstack-check?
* Are there other downsides of -fstack-check? Is it expected that enabling it breaks things?

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42