On 1/16/23 11:09 PM, Peter Foley wrote:
On Mon, Jan 16, 2023 at 11:05 PM Yonghong Song <yhs@xxxxxxxx> wrote:
If I understand correctly (by inspecting clang code), the stack
protector is off by default. Do you have a link to the Gentoo build
page to show how they enable stack protector? cmake config or
a private patch?
The relevant override appears to be
https://github.com/gentoo/gentoo/blob/c5247250e9d4a09e67a602965a5f72be3cebbf34/sys-devel/clang-common/clang-common-15.0.7.ebuild#L93
Thanks for the link. Looks like this is a security feature added by
hardened_gentoo project (https://wiki.gentoo.org/wiki/Hardened_Gentoo)
which unconditionally added -fstack-protector-strong to the clang
compilation flag.