Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Enable STACKPROTECTOR_STRONG in kernel w/ hardened profile?
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
jessetaylor84
n00b
n00b


Joined: 21 Sep 2014
Posts: 4
Location: Cascadia, USA
PostPosted: Sun Sep 21, 2014 3:39 am    Post subject: Enable STACKPROTECTOR_STRONG in kernel w/ hardened profile? Reply with quote
I'm currently installing Gentoo Hardened, and am configuring the kernel. It is my understanding that the hardened profile automatically passes -fstack-protector-all for all builds. In the kernel configuration, there is an option called Stack Protector buffer overflow detection (CC_STACKPROTECTOR) and I'm trying to determine whether I should set it to "none", "regular", or "strong" for use with the hardened profile?
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 6111
Location: Vienna, Austria; Germany; hello world :)
PostPosted: Sun Sep 21, 2014 10:59 pm    Post subject: Reply with quote
try out "strong":

http://patchwork.linux-mips.org/patch/6235/

it's superior than fstack-protector-all

less performance hit
_________________
https://github.com/kernelOfTruth/ZFS-for-SystemRescueCD/tree/ZFS-for-SysRescCD-4.9.0
https://github.com/kernelOfTruth/pulseaudio-equalizer-ladspa

Hardcore Gentoo Linux user since 2004 :D
Back to top
View user's profile Send private message
N8Fear
Tux's lil' helper
Tux's lil' helper


Joined: 15 Apr 2013
Posts: 140
Location: Berlin (Germany)
PostPosted: Tue Sep 23, 2014 6:17 pm    Post subject: Reply with quote
Note that fstack-protector-strong requires gcc-4.9.x or newer.

You should also note, that the kernel doesn't use the default CFLAGS. You define them indirectly though options like the one mentioned by you (i.e. you can't compile the kernel with -march=native, without patching it to be able to do so).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy