Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386

On Wed, Nov 11, 2009 at 07:27:22PM +0100, Tobias Nygren wrote:
> On Wed, 11 Nov 2009 18:06:46 +0000
> Matthias Scheler <> wrote:
> > BTW: this change does *not* require you to recompile your packages
> >      or any other binaries. They will continue to work but have
> >      only limitted stack smash protection.
> Is there any benefit to recompiling packages? Do libraries and binaries
> built on machines with and w/o ssp interoperate when mingled?

Do the default compilation flags for pkgsrc turn on stack protection
now?  Many of the system libraries have been compiled with stack
protection (and also -DFORTIFY_SOURCE, which is almost certainly unsafe
for pkgsrc) for a long time, so you may already have as much benefit,
practically speaking, as you'd get by recompiling.

To the extent of my knowledge there is no problem with library


Home | Main Index | Thread Index | Old Index