Am 05.05.2011 13:44, schrieb Allan McRae: > -fstack-protector > More buffer overflow prevention. This uses the canary approach to > detecting buffer overflows so has some minor runtime overhead but does > prevent an entire class of attacks (and a common class...). See > http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29 > . -fstack-protector does this for strings only.
This has been enabled in our kernels for years. No idea if it helps with anything, but our kernels still work.
signature.asc
Description: OpenPGP digital signature
