On Tue, Feb 12, 2008 at 11:08:18AM -0800, Arjan van de Ven wrote: > On Tue, 12 Feb 2008 19:50:12 +0100 > Sam Ravnborg <[EMAIL PROTECTED]> wrote: > > > > > > Now I realize that certain distros have patched gcc to compensate > > > for their lack of distro wide CFLAGS, and it's great to work around > > > that... but would there be a way to NOT disable this for > > > CONFIG_CC_STACKPROTECTOR please? It would have made this exploit > > > not possible for those kernels that enable this feature (and that > > > includes distros like Fedora) > > > > I guess the problem is that we in arch/x86/Makefile enable the > > stackprotector but then later in the main Makefile disables it. > > So the right way to approach this should be to always disable it and > > the reenable it in the arch Makefile. > > So something like this? > > > the patch works fine for me. > Linus, can we please get this merged into .25? it will at least > again limit the damage exploits like the vmsplice one can do.. > > (I think it's also worth it for -stable)
I will prepare it for my next -fix round. Due in a few days. Sam -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/