-fstack-protector vs. -fstack-protector-all

Dimitry Andric dim at FreeBSD.org
Sat Nov 19 11:47:05 UTC 2011


On 2011-11-18 15:37, Alexander Best wrote:
> what are the reasons for using -fstack-protector instead of
> -fstack-protector-all in sys/conf/kern.mk?

My guess would be one or more of the following:

- The price in performance is too high
- The gain in security is too low
- Some routines in the kernel are run before the whole stack protection
  infrastructure is in place, ergo they can't have stack protection
- There might be other problems with -fstack-protector-all,
  lib/libc/Makefile says:

  # XXX For now, we don't allow libc to be compiled with
  # -fstack-protector-all because it breaks rtld.  We may want to make a librtld
  # in the future to circumvent this.
  SSP_CFLAGS:=	${SSP_CFLAGS:S/^-fstack-protector-all$/-fstack-protector/}

