Francisco Blas Izquierdo Riera (klondike) wrote: > El 23/10/11 05:56, Steven J Long escribió: >> Will we be able to switch off SSP via config, or will we have to setup >> our own profile? > This should do the trick: > CFLAGS=$CFLAGS -fno-stack-protector
Well, with quotes ;) but yeah that's what I was after; just something I can add somewhere in make.conf. Paweł Hajdan, Jr. wrote: > In my proposal the SSP would be off by default on non-hardened profiles, > at least initially. At any time I'd like it to be switchable via > gcc-config, as it currently is on hardened. That sounds good too; I'll use the default and then add -fstack-protector to package.env should I ever want to compile a package like that. (In case it sounds like I don't care about security, it's just that I don't like stack canaries, and feel address-space randomization via -fPIE will make the classic return-address subversion pretty difficult. Of course I might be missing something again, but I'm not administering a server.) Thanks for your replies, and all the hard work you do. Regards, igli. -- #friendly-coders -- We're friendly, but we're not /that/ friendly ;-)