[arch-dev-public] Adding hardening compiler/linker flags
thomas at archlinux.org
Thu May 5 08:29:56 EDT 2011
Am 05.05.2011 13:44, schrieb Allan McRae:
> More buffer overflow prevention. This uses the canary approach to
> detecting buffer overflows so has some minor runtime overhead but does
> prevent an entire class of attacks (and a common class...). See
> . -fstack-protector does this for strings only.
This has been enabled in our kernels for years. No idea if it helps with
anything, but our kernels still work.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the arch-dev-public