On Sat Nov 19 11, Dimitry Andric wrote:
> On 2011-11-18 15:37, Alexander Best wrote:
> > what are the reasons for using -fstack-protector instead of
> > -fstack-protector-all in sys/conf/kern.mk?
>
> My guess would be one or more of the following:
>
> - The price in performance is too high
> - The gain in security is too low
> - Some routines in the kernel are run before the whole stack protection
>   infrastructure is in place, ergo they can't have stack protection
> - There might be other problems with -fstack-protector-all,
>   lib/libc/Makefile says:
>
> # XXX For now, we don't allow libc to be compiled with
> # -fstack-protector-all because it breaks rtld.  We may want to make a librtld
> # in the future to circumvent this.
> SSP_CFLAGS:= ${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}

defining -fstack-protector-all in sys/conf/kern.mk will only apply it to the
kernel and its components and not to world, i believe. i've been running a
kernel compiled with -fstack-protector-all and haven't experienced any issues
with it, so far.

cheers.
alex
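
To see what the choice between the two flags discussed in this thread changes in practice, the shell script below (an added example, not part of the original messages or of the FreeBSD build system) compiles a constructed C file under each flag and counts the functions that receive a canary check. It assumes a GCC- or Clang-compatible compiler reachable as `cc` (or `$CC`) and a target that emits one `__stack_chk_fail` call per protected function; `ssp_count`, `demo.c` and its functions are hypothetical names.

```shell
#!/bin/sh
# Added illustration: how many functions get a stack canary under each flag.
# The C source and all names here are constructed for this example.
CC=${CC:-cc}

ssp_count() {
    # $1 = stack-protector flag to test.
    # Prints the number of calls to __stack_chk_fail in the generated assembly,
    # which at -O0 is one per instrumented function (assumption: x86-64 or
    # aarch64 style code generation).
    dir=$(mktemp -d) || return 1
    cat > "$dir/demo.c" <<'EOF'
int add(int a, int b) { return a + b; }          /* scalars only */
int scale(int x) { int y = x * 3; return y; }    /* scalars only */
int fill(int n) {                                /* 64-byte char array */
    char buf[64];
    int i;
    for (i = 0; i < 64; i++) buf[i] = (char)(n + i);
    return buf[n & 63];
}
EOF
    # -S stops after code generation, so nothing is linked or executed.
    "$CC" -O0 "$1" -S -o "$dir/demo.s" "$dir/demo.c" 2>/dev/null ||
        { rm -rf "$dir"; return 1; }
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    n=$(grep -c 'stack_chk_fail' "$dir/demo.s" || true)
    rm -rf "$dir"
    echo "$n"
}

# -fstack-protector only instruments functions that call alloca() or hold a
# char array of at least 8 bytes (the default ssp-buffer-size);
# -fstack-protector-all instruments every function, including add() and scale().
for flag in -fno-stack-protector -fstack-protector -fstack-protector-all; do
    printf '%-24s %s protected function(s)\n' "$flag" "$(ssp_count "$flag")"
done
```

The per-function prologue and epilogue that `-fstack-protector-all` adds to `add()` and `scale()` is the performance cost mentioned in the first bullet of the quoted reply.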