Re: [PATCH] Remove ssp buffer size setting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06.06.2014 11:40, Ján Tomko wrote:
This option only makes sense with -fstack-protector.
With -fstack-protector-all, even functions with buffers
smaller than this are protected.

https://bugzilla.redhat.com/show_bug.cgi?id=1105456
---
  m4/virt-compile-warnings.m4 | 8 --------
  1 file changed, 8 deletions(-)

diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index 574fbc4..ebc931d 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -171,14 +171,6 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
         dnl be great overhead in adding -fstack-protector-all instead
         dnl wantwarn="$wantwarn -fstack-protector"
         wantwarn="$wantwarn -fstack-protector-all"
-       wantwarn="$wantwarn --param=ssp-buffer-size=4"
-       dnl Even though it supports it, clang complains about
-       dnl use of --param=ssp-buffer-size=4 unless used with
-       dnl the -c arg. It doesn't like it when used with args
-       dnl that just link together .o files. Unfortunately
-       dnl we can't avoid that with automake, so we must turn
-       dnl off the following clang specific warning
-       wantwarn="$wantwarn -Wno-unused-command-line-argument"
         ;;
         *-*-freebsd*)
         dnl FreeBSD ships old gcc 4.2.1 which doesn't handle


From the gcc man page:

       -fstack-protector
Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call "alloca", and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

       -fstack-protector-all
           Like -fstack-protector except that all functions are protected.


So when using -fstack-protector-all even functions with 4B buffers are protected.

ACK

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]