On 18.09.2015 22:57, Arkadiusz Miśkiewicz wrote:
On Friday 18 of September 2015, Tomasz Pala wrote:
I've been searching this for an hour now but can't find any discussion on
this - why do we have (rpm/macros.pld.in)

%_ssp_cflags    -fstack-protector --param=ssp-buffer-size=4

instead of the superior -fstack-protector-strong, which seems to be taken as
default in many distros, even on gcc level?
Looks like our version was used by distros back then... I have no problems
with switching to -fstack-protector-strong.

http://www.phoronix.com/scan.php?page=news_item&px=MTM5NjQ

http://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/

https://wiki.debian.org/Hardening
"Prior to GCC 4.9, `-fstack-protector --param ssp-buffer-size=4' is used to
cover functions that defines a 4 or more byte local character array, which is
an okay balance for security and performance. For those who want to protect
all the functions then -fstack-protector-all is recommended.

Since GCC 4.9, -fstack-protector-strong, an improved version of
-fstack-protector is introduced, which covers all the more paranoid conditions
that might lead to a stack overflow but not trade performance like
-fstack-protector-all, thus it becomes default."

your commit
http://git.pld-linux.org/gitweb.cgi/packages/rpm.git/commitdiff/f5f4004c4c8eeb0f338fa3e53b9a82c18faa0add

should include updated gcc version dependency too?


--
glen

_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
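
Added example, not part of the thread or of PLD's packaging: a C file for checking which functions get a stack canary under the two flag sets discussed above. The file name `ssp_demo.c` and all function names are assumptions; the expected coverage in the comments follows the Debian wiki text quoted in the thread and GCC's documented criteria for -fstack-protector-strong (local array definitions, references to local frame addresses).

```c
/* Constructed sample. Build the assembly twice (needs GCC >= 4.9) and compare:
 *   gcc -O0 -S -fstack-protector --param=ssp-buffer-size=4 ssp_demo.c -o old.s
 *   gcc -O0 -S -fstack-protector-strong ssp_demo.c -o strong.s
 *   grep -c __stack_chk_fail old.s strong.s
 * Expected: only copy_name() is instrumented in old.s, all three
 * non-static functions below are instrumented in strong.s. */
#include <stdio.h>
#include <string.h>

/* char array of 4 or more bytes: covered by both flag sets. */
size_t copy_name(const char *src)
{
    char buf[16];
    strncpy(buf, src, sizeof buf - 1);   /* bounded copy */
    buf[sizeof buf - 1] = '\0';
    return strlen(buf);
}

/* Non-char local array: skipped by plain -fstack-protector,
 * covered by -strong (any local array, regardless of type). */
int sum_ids(const int *ids, size_t n)
{
    int local[4] = {0};
    int total = 0;
    if (n > 4)
        n = 4;                           /* clamp to the local buffer */
    memcpy(local, ids, n * sizeof local[0]);
    for (size_t i = 0; i < 4; i++)
        total += local[i];
    return total;
}

/* No array at all, but the address of a local is passed to a callee:
 * skipped by plain -fstack-protector, covered by -strong. */
static void store_len(size_t *out, const char *s) { *out = strlen(s); }

size_t name_len(const char *s)
{
    size_t len = 0;
    store_len(&len, s);
    return len;
}

int main(void)
{
    int ids[3] = {1, 2, 3};
    printf("%zu %d %zu\n", copy_name("rpm"), sum_ids(ids, 3), name_len("gcc"));
    return 0;
}
```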
