[arch-dev-public] Adding hardening compiler/linker flags

Thomas Bächler thomas at archlinux.org
Thu May 5 08:29:56 EDT 2011

Am 05.05.2011 13:44, schrieb Allan McRae:
> -fstack-protector
> More buffer overflow prevention.  This uses the canary approach to
> detecting buffer overflows so has some minor runtime overhead but does
> prevent an entire class of attacks (and a common class...).  See
> http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29
> .  -fstack-protector does this for strings only.

This has been enabled in our kernels for years. No idea if it helps with
anything, but our kernels still work.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20110505/b4f81a75/attachment.asc>

More information about the arch-dev-public mailing list