Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)

On Fri, Nov 13, 2009 at 03:40:19PM +0000, David Holland wrote:
> On Fri, Nov 13, 2009 at 08:20:57AM -0500, Steven Bellovin wrote:
>  > > Note that quite a few packages break with SSP.
>  > 
>  > Hmm -- why?  Buffer overflows that haven't been exploited yet?
> It's allergic to alloca(), and anything equivalent to alloca() like
> variable-sized arrays on the stack.

This is why I recommended -fstack-protector -Wno-stack-protector as the
options to be added to pkgsrc builds.

Unfortunately GCC can't do "warn me about X but don't make it fatal even
if -Werror is set".


Home | Main Index | Thread Index | Old Index