5 May
2011
5 May
'11
12:29 p.m.
Am 05.05.2011 13:44, schrieb Allan McRae:
-fstack-protector More buffer overflow prevention. This uses the canary approach to detecting buffer overflows so has some minor runtime overhead but does prevent an entire class of attacks (and a common class...). See http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_P... . -fstack-protector does this for strings only.
This has been enabled in our kernels for years. No idea if it helps with anything, but our kernels still work.