Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
fstack-protector-strong anyone using it ? adding to Gentoo ?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5610
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Mon Jan 27, 2014 10:17 pm    Post subject: fstack-protector-strong anyone using it ? adding to Gentoo ? Reply with quote

Hi,


since I stumbled over -fstack-protector-strong a few days ago at lkml

and just read some more on it (http://www.simonroses.com/2013/04/appsec-improve-your-software-security-with-gcc-stack-protector-strong/)

anyone has added it to your gcc / toolchain ?


if one of the toolchain-/security-related devs (zorry, ...) are reading this:

any plans to add this in the near future to the hardened or even default toolchain ?


Thanks for reading :)
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
mv
Advocate
Advocate


Joined: 20 Apr 2005
Posts: 3784

PostPosted: Mon Jan 27, 2014 10:43 pm    Post subject: Reply with quote

There was already a discussion on dev-ml when it was decided that -fstack-protector is added: Plans of gcc upstream are to include -fstack-protector-strong into gcc-4.9. Since the corresponding -fnostack-protector-strong makes no sense before gcc-4.9, I doubt that gentoo will discuss about putting it into default before gcc-4.9 is stabilized (in gentoo!). Since hardened includes even -fstack-protector-all by default, I doubt that they will relax this policy.
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5610
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Tue Jan 28, 2014 12:20 am    Post subject: Reply with quote

oh, good to know

thanks mv :)


perhaps fstack-protector-strong could be used as an replacement for fstack-protector-all when things fail to compile or work at runtime

or for those who want more protection but don't like the slowdown & overhead of fstack-protector-all
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
zorry
Developer
Developer


Joined: 30 Mar 2008
Posts: 363
Location: Umeå The north part of scandinavia

PostPosted: Tue Jan 28, 2014 9:29 pm    Post subject: Reply with quote

fstack-protector-strong will most be enable by default on gcc 4.9 in gentoo and hardened will have -all as default.
_________________
gcc version 4.6.2 (Gentoo Hardened 4.6.2 p1.1, pie-0.5.0)
Back to top
View user's profile Send private message
kernelOfTruth
Watchman
Watchman


Joined: 20 Dec 2005
Posts: 5610
Location: Vienna, Austria; Germany; hello world :)

PostPosted: Tue Jan 28, 2014 10:15 pm    Post subject: Reply with quote

zorry wrote:
fstack-protector-strong will most be enable by default on gcc 4.9 in gentoo and hardened will have -all as default.


great !

thanks for the confirmation, zorry :)
_________________
Unofficial minimal livecd x86/amd64 w/reiser4+truecrypt (by Neo2)
2.6.37.2_plus_v1: BFS, CFS,THP,compaction, zcache or TOI
Hardcore Linux user since 2004 :D
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum