Re: question about "-fstack-protector" and fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am 30.06.2011 15:36, schrieb Jakub Jelinek:
> On Thu, Jun 30, 2011 at 03:31:24PM +0200, Jakub Jelinek wrote:
>> On Thu, Jun 30, 2011 at 03:19:10PM +0200, Reindl Harald wrote:
>>> as far as i can see fedora is built with "-fstack-protector" and not
>>> "-fstack-protector-all" - is there a specific reason for not using
>>> the "all" variant
>>
>> Sure, it is expensive to set up the canary even when it is obvious
>> it isn't needed.  We by default use 4 byte+ arrays as the trigger to
>> add stack canaries (gcc default is 8 byte+), with -fstack-protector-all
>> you add it even for functions that don't have any stack variables at
>> all, or that have only scalar vars etc.
> 
> I'd add that even functions as simple as
> int foo (void) { return 1; }
> are "protected" with -fstack-protector-all, with -fstack-protector
> this function has 2 instructions, with -fstack-protector-all 11, which
> includes creating a stack frame etc.
> Really, -fstack-protector --param=ssp-buffer-size=4 is carefully chosen
> reasonable default, just don't listen to clueless LFS/Gentoo folks
> that suggest something else.

thank you for the clarification

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux