View previous topic :: View next topic |
Author |
Message |
jessetaylor84 n00b
Joined: 21 Sep 2014 Posts: 4 Location: Cascadia, USA
|
Posted: Sun Sep 21, 2014 3:39 am Post subject: Enable STACKPROTECTOR_STRONG in kernel w/ hardened profile? |
|
|
I'm currently installing Gentoo Hardened, and am configuring the kernel. It is my understanding that the hardened profile automatically passes -fstack-protector-all for all builds. In the kernel configuration, there is an option called Stack Protector buffer overflow detection (CC_STACKPROTECTOR) and I'm trying to determine whether I should set it to "none", "regular", or "strong" for use with the hardened profile? |
|
Back to top |
|
|
kernelOfTruth Watchman
Joined: 20 Dec 2005 Posts: 6111 Location: Vienna, Austria; Germany; hello world :)
|
|
Back to top |
|
|
N8Fear Tux's lil' helper
Joined: 15 Apr 2013 Posts: 140 Location: Berlin (Germany)
|
Posted: Tue Sep 23, 2014 6:17 pm Post subject: |
|
|
Note that fstack-protector-strong requires gcc-4.9.x or newer.
You should also note, that the kernel doesn't use the default CFLAGS. You define them indirectly though options like the one mentioned by you (i.e. you can't compile the kernel with -march=native, without patching it to be able to do so). |
|
Back to top |
|
|
|