* [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector
@ 2014-06-10 0:16 99% Ryan Hill
0 siblings, 0 replies; 1+ results
From: Ryan Hill @ 2014-06-10 0:16 UTC (permalink / raw
To: gentoo-dev, gentoo-dev-announce, pr
[-- Attachment #1: Type: text/plain, Size: 1305 bytes --]
Title: GCC 4.8.3 defaults to -fstack-protector
Author: Ryan Hill <rhill@gentoo.org>
Content-Type: text/plain
Posted: 2014-06-10
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: >=sys-devel/gcc-4.8.3
Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
enabled by default. The 4.8 series will enable -fstack-protector
while 4.9 and later enable -fstack-protector-strong.
SSP is a security feature that attempts to mitigate stack-based buffer
overflows by placing a canary value on the stack after the function
return pointer and checking for that value before the function returns.
If a buffer overflow occurs and the canary value is overwritten, the
program aborts.
There is a small performance cost to these features. They can be
disabled with -fno-stack-protector.
For more information these options, refer to the GCC Manual, or the
following articles.
http://en.wikipedia.org/wiki/Buffer_overflow_protection
http://en.wikipedia.org/wiki/Stack_buffer_overflow
https://securityblog.redhat.com/tag/stack-protector
http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong
--
Ryan Hill psn: dirtyepic_sk
gcc-porting/toolchain/wxwidgets @ gentoo.org
47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 475 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2014-06-10 0:16 99% [gentoo-dev] [RFC] News item: GCC 4.8.3 defaults to -fstack-protector Ryan Hill
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox