Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)

To: David Holland <dholland-current%netbsd.org@localhost>
Subject: Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Fri, 13 Nov 2009 11:38:25 -0500

On Fri, Nov 13, 2009 at 03:40:19PM +0000, David Holland wrote:
> On Fri, Nov 13, 2009 at 08:20:57AM -0500, Steven Bellovin wrote:
>  > > Note that quite a few packages break with SSP.
>  > 
>  > Hmm -- why?  Buffer overflows that haven't been exploited yet?
> 
> It's allergic to alloca(), and anything equivalent to alloca() like
> variable-sized arrays on the stack.

This is why I recommended -fstack-protector -Wno-stack-protector as the
options to be added to pkgsrc builds.

Unfortunately GCC can't do "warn me about X but don't make it fatal even
if -Werror is set".

Thor

Follow-Ups:
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Eric Haszlakiewicz

References:
- HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386
  - From: Matthias Scheler
- Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Matthias Scheler
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Elad Efrat
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Steven Bellovin
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Jukka Ruohonen
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: Steven Bellovin
- Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
  - From: David Holland

Prev by Date: Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
Next by Date: Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
Previous by Thread: Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
Next by Thread: Re: Stack Smash Protection disabled (was HEADS-UP: Stack Smash Protection enabled by default for amd64 and i386)
Indexes:

Home | Main Index | Thread Index | Old Index