CLANG and -fstack-protector
kpaasial at gmail.com
Thu Feb 7 23:40:02 UTC 2013
On Thu, Feb 7, 2013 at 11:06 PM, Dimitry Andric <dim at freebsd.org> wrote:
> On 2013-02-07 20:42, Kimmo Paasiala wrote:
>> Does the -fstack-protector option work on CLANG 3.1 and 3.2?
> Yes, it works with both clang and gcc.
Good to know thank you!
>> There is thread on FreeBSD forums about the stack protector and ports
>> and I'm wondering if it's possible to use the -fstack-protector option
>> with CLANG.
> That thread seems to be full of confusion. :-) The base system is mostly
> built with -fstack-protector, except for the ia64, arm and mips arches,
> and for some specific cases where it is not necessary, or unwanted.
I was aware of the base system being built with the stack protector on
systems where it makes sense.
> Ports are largely independent of the base system, and their compilation
> flags are different from port to port. You could set -fstack-protector
> for your ports in either make.conf or ports.conf, if you wanted.
Is there any work being done to provide an optional Makefile knob
(WITH_STACK_PROTECTOR ?) to turn on -fstack-protector for ports that
install network services (or other critical code)? I'd bet such
feature would be popular.
More information about the freebsd-current