[arch-dev-public] Adding hardening compiler/linker flags
Thomas Bächler
thomas at archlinux.org
Thu May 5 08:29:56 EDT 2011
Am 05.05.2011 13:44, schrieb Allan McRae:
> -fstack-protector
> More buffer overflow prevention. This uses the canary approach to
> detecting buffer overflows so has some minor runtime overhead but does
> prevent an entire class of attacks (and a common class...). See
> http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29
> . -fstack-protector does this for strings only.
This has been enabled in our kernels for years. No idea if it helps with
anything, but our kernels still work.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20110505/b4f81a75/attachment.asc>
More information about the arch-dev-public
mailing list