On 30.06.2011 15:36, Jakub Jelinek wrote:
> On Thu, Jun 30, 2011 at 03:31:24PM +0200, Jakub Jelinek wrote:
>> On Thu, Jun 30, 2011 at 03:19:10PM +0200, Reindl Harald wrote:
>>> as far as i can see fedora is built with "-fstack-protector" and not
>>> "-fstack-protector-all" - is there a specific reason for not using
>>> the "all" variant
>>
>> Sure, it is expensive to set up the canary even when it is obvious
>> it isn't needed. We by default use 4 byte+ arrays as the trigger to
>> add stack canaries (gcc default is 8 byte+), with -fstack-protector-all
>> you add it even for functions that don't have any stack variables at
>> all, or that have only scalar vars etc.
>
> I'd add that even functions as simple as
> int foo (void) { return 1; }
> are "protected" with -fstack-protector-all, with -fstack-protector
> this function has 2 instructions, with -fstack-protector-all 11, which
> includes creating a stack frame etc.
> Really, -fstack-protector --param=ssp-buffer-size=4 is carefully chosen
> reasonable default, just don't listen to clueless LFS/Gentoo folks
> that suggest something else.

thank you for the clarification
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel