[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
On Fri, Nov 13, 2009 at 03:40:19PM +0000, David Holland wrote:
> On Fri, Nov 13, 2009 at 08:20:57AM -0500, Steven Bellovin wrote:
> > > Note that quite a few packages break with SSP.
> > Hmm -- why? Buffer overflows that haven't been exploited yet?
> It's allergic to alloca(), and anything equivalent to alloca() like
> variable-sized arrays on the stack.
This is why I recommended -fstack-protector -Wno-stack-protector as the
options to be added to pkgsrc builds.
Unfortunately GCC can't do "warn me about X but don't make it fatal even
if -Werror is set".
Main Index |
Thread Index |