Re: Stack protector warnings?

To: tech-toolchain%NetBSD.org@localhost
Subject: Re: Stack protector warnings?
From: Valery Ushakov <uwe%stderr.spb.ru@localhost>
Date: Thu, 3 Nov 2022 15:24:56 +0300

On Thu, Nov 03, 2022 at 10:45:32 +0000, nia wrote:

> To build many network-related and otherwise security-relevant
> parts of src we use:
> 
> COPTS+= -fstack-protector -Wstack-protector
> 
> For pkgsrc, we use -fstack-protector-strong. Many others are
> also using this, and it seems like it's more useful (it
> does something that seems "obvious" to me, protecting functions
> with local array definitions).

Out of curiousity: can someone with a clue, please, summarize the
difference in a way that is more clear than gcc.info?  The way it's
worded is "buffers larger than or equal to 8 bytes" for
-fstack-protector vs. "have local array definitions" for
-fstack-protector-strong which is kinda ...  vague.  Is it "large"
local arrays vs. any local arrays?

-uwe

References:
- Stack protector warnings?
  - From: nia

Prev by Date: Stack protector warnings?
Next by Date: make -- generate missing include files
Previous by Thread: Stack protector warnings?
Next by Thread: make -- generate missing include files
Indexes:

Home | Main Index | Thread Index | Old Index