On 01/04/2018 05:28 AM, Jan Kurik wrote:
= System Wide Change: Hardening Flags Updates for Fedora 28 = https://fedoraproject.org/wiki/Changes/HardeningFlags28
This change might be on a fast track to failure.
== Detailed Description == * Compile all binaries with stack clash protection (-fstack-clash-protection). As a result, all stack overflows (i.e., situations where the allocated stack is completely exhausted) will reliably result in crashes.
"All stack overflows"? That would be a feat. I tried to test, but: There is no such flag in gcc-7.2.1-2 (current f27). updates-testing for f27 has no update for gcc. Fedora 28 Rawhide 20180103.n.0 nightly compose cannot run Terminal.
* Enable control flow protection on x86-64 using -fcf-protection=full -mcet.
The wiki page https://fedoraproject.org/wiki/Changes/HardeningFlags28 links to (Documentation: Flow Enforcement Technology) https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf%7CControl which displays that site's HTTP-404 "Link not found" catch-all. I'd comment on the wiki page, but cannot login because I have only FAS "cla" access. I tried to get "cla+1" by joining a group, but the only groups with Join buttons were Marketing-related, and I'm not interested there. -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
