05.09.2013 14:47, Tom Wijsman wrote:
> On Thu, 05 Sep 2013 12:13:28 +0200
> Agostino Sarubbo <a...@gentoo.org> wrote:
> 
>> Hello,
>>
>> during an IRC debate, me and other people just noticed that the
>> default profile could use more flags to enhance the security.
>>
>> A hint is here:
>> https://wiki.ubuntu.com/ToolChain/CompilerFlags
>>
>> Please argue about what we _don't_ use.
>>
>> Note: please CC me in your response.
> 
> What I wonder about here is at which cost this does come, when looking
> at the fstack-protector then I see that it "emits extra code"; so, now
> the question is what kind of overhead this causes.
> 
> I am pretty sure security might not be that important on a real time
> system that perhaps isn't connected to the internet; so, besides making
> it the default, we might want to introduce the necessary means to turn
> it off again, at the very least perhaps documentation would suffice.
> 
> Do you intend to discuss that flag or more generally any security flag?
> 

Regarding -fstack-protector - it can be used at least in hardened
profiles (but I have some sort of bad experience with it and uclibc[1]).
Also, the kernel has an appropriate option to enable it during build.

However, I am not skilled with GCC internals, so I can say nothing about
the performance impact this flag may have. Maybe the toolchain guys can
shed light on this ;-)

[1] - https://bugs.gentoo.org/show_bug.cgi?id=470608

-- 
Best regards, Sergey Popov
Gentoo developer
Gentoo Desktop Effects project lead
Gentoo Qt project lead
Gentoo Proxy maintainers project lead
