06-30-2011, 01:36 PM
Jakub Jelinek
 
question about "-fstack-protector" and fedora

On Thu, Jun 30, 2011 at 03:31:24PM +0200, Jakub Jelinek wrote:
> On Thu, Jun 30, 2011 at 03:19:10PM +0200, Reindl Harald wrote:
> > as far as i can see fedora is built with "-fstack-protector" and not
> > "-fstack-protector-all" - is there a specific reason for not using
> > the "all" variant
>
> Sure, it is expensive to set up the canary even when it is obvious
> it isn't needed. We by default use 4 byte+ arrays as the trigger to
> add stack canaries (gcc default is 8 byte+), with -fstack-protector-all
> you add it even for functions that don't have any stack variables at
> all, or that have only scalar vars etc.

I'd add that even functions as simple as
int foo (void) { return 1; }
are "protected" with -fstack-protector-all, with -fstack-protector
this function has 2 instructions, with -fstack-protector-all 11, which
includes creating a stack frame etc.
Really, -fstack-protector --param=ssp-buffer-size=4 is a carefully chosen
reasonable default, just don't listen to clueless LFS/Gentoo folks
that suggest something else.

Jakub
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
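
The trigger rule described in this thread can be observed directly. The script below is an added example, not part of the original messages: it compiles three constructed functions to assembly under each flag set and reports which ones reference __stack_chk_fail. The sink() declaration, the f4/f8 functions and the ssp_* helper names are assumptions made for the example, and it assumes a GCC-compatible compiler is available as cc.

```sh
#!/bin/sh
# Added example (not from the thread): observe which functions the compiler
# instruments with a stack canary under each flag set discussed above.
# Assumes a GCC-compatible driver in $CC (default: cc); -S only emits assembly.
CC=${CC:-cc}

# Constructed test functions. foo is the one quoted in the thread; the others
# hand a char array to an undefined sink() so -O2 cannot optimise the array away.
SRC_SCALAR='int foo (void) { return 1; }'
SRC_BUF4='void sink(char *); int f4(void) { char b[4]; sink(b); return b[0]; }'
SRC_BUF8='void sink(char *); int f8(void) { char b[8]; sink(b); return b[0]; }'

# Emit assembly for C source $2 compiled with extra flags $1 (word-split on purpose).
ssp_asm() {
    printf '%s\n' "$2" | $CC -O2 $1 -S -x c -o - - 2>/dev/null
}

# Succeeds if the function was instrumented: its canary check calls __stack_chk_fail.
ssp_protected() {
    ssp_asm "$1" "$2" | grep -q '__stack_chk_fail'
}

# Rough instruction count: indented lines that are not assembler directives.
ssp_insn_count() {
    ssp_asm "$1" "$2" | grep -c '^[[:space:]][[:space:]]*[a-z]'
}

# Print the flag-set by function matrix.
ssp_report() {
    command -v "$CC" >/dev/null 2>&1 || { echo "no C compiler found as '$CC'"; return 1; }
    for flags in '-fstack-protector' \
                 '-fstack-protector --param=ssp-buffer-size=4' \
                 '-fstack-protector-all'; do
        echo "== $flags"
        for name in SCALAR BUF4 BUF8; do
            eval "src=\$SRC_$name"
            if ssp_protected "$flags" "$src"; then state=canary; else state=none; fi
            echo "   $name: $state, ~$(ssp_insn_count "$flags" "$src") instructions"
        done
    done
}

ssp_report
```

The instruction counts are approximate and vary with compiler version, target and distribution defaults, so compare them between flag sets rather than against the figures quoted in the thread.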
 
06-30-2011, 01:41 PM
Reindl Harald
 
question about "-fstack-protector" and fedora

On 30.06.2011 15:36, Jakub Jelinek wrote:
> On Thu, Jun 30, 2011 at 03:31:24PM +0200, Jakub Jelinek wrote:
>> On Thu, Jun 30, 2011 at 03:19:10PM +0200, Reindl Harald wrote:
>>> as far as i can see fedora is built with "-fstack-protector" and not
>>> "-fstack-protector-all" - is there a specific reason for not using
>>> the "all" variant
>>
>> Sure, it is expensive to set up the canary even when it is obvious
>> it isn't needed. We by default use 4 byte+ arrays as the trigger to
>> add stack canaries (gcc default is 8 byte+), with -fstack-protector-all
>> you add it even for functions that don't have any stack variables at
>> all, or that have only scalar vars etc.
>
> I'd add that even functions as simple as
> int foo (void) { return 1; }
> are "protected" with -fstack-protector-all, with -fstack-protector
> this function has 2 instructions, with -fstack-protector-all 11, which
> includes creating a stack frame etc.
> Really, -fstack-protector --param=ssp-buffer-size=4 is a carefully chosen
> reasonable default, just don't listen to clueless LFS/Gentoo folks
> that suggest something else.

thank you for the clarification

 

All times are GMT.