CLANG and -fstack-protector

Kimmo Paasiala kpaasial at gmail.com
Thu Feb 7 23:40:02 UTC 2013


On Thu, Feb 7, 2013 at 11:06 PM, Dimitry Andric <dim at freebsd.org> wrote:
> On 2013-02-07 20:42, Kimmo Paasiala wrote:
>>
>> Does the -fstack-protector option work on CLANG 3.1 and 3.2?
>
>
> Yes, it works with both clang and gcc.
>

Good to know thank you!

>
>> There is thread on FreeBSD forums about the stack protector and ports
>> and I'm wondering if it's possible to use the -fstack-protector option
>> with CLANG.
>>
>> http://forums.freebsd.org/showthread.php?t=36927
>
>
> That thread seems to be full of confusion. :-)  The base system is mostly
> built with -fstack-protector, except for the ia64, arm and mips arches,
> and for some specific cases where it is not necessary, or unwanted.

I was aware of the base system being built with the stack protector on
systems where it makes sense.

>
> Ports are largely independent of the base system, and their compilation
> flags are different from port to port.  You could set -fstack-protector
> for your ports in either make.conf or ports.conf, if you wanted.

Is there any work being done to provide an optional Makefile knob
(WITH_STACK_PROTECTOR ?) to turn on -fstack-protector for ports that
install network services (or other critical code)? I'd bet such
feature would be popular.


More information about the freebsd-current mailing list