* Ramana Radhakrishnan:

> I don't intend to change the defaults in userland, we've discussed this
> for user-land in the past and as far as glibc and userland is concerned
> we stick to the options as currently existing. The system register
> option is really for the kernel to use along with an offset as they
> control their ABI and this is a decision for them to make.

For userland, I would like to eventually copy the OpenBSD approach for architectures which have some form of PC-relative addressing: we can have multiple random canaries in (RELRO) .rodata sufficiently close to the code that needs them (assuming that we have split .rodata). At least for x86-64, I expect this to be a small win. It's also a slight hardening improvement if the reference canary is not stored in writable memory.

Thanks,
Florian
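
Added example, not part of the original message and not code from GCC, glibc or OpenBSD: a Linux user-space simulation of the idea in the reply above, with several random reference canaries held in memory that becomes read-only after start-up. The `mmap`/`mprotect` page stands in for RELRO `.rodata`, the local struct stands in for a stack frame, and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/random.h>
#include <unistd.h>

#define NSLOTS 4                 /* one reference canary per protected function */
static uint64_t *canary_pool;    /* stands in for RELRO .rodata (assumption) */

/* Fill a fresh page with random canaries, then drop write permission. */
int canary_pool_init(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    size_t want = NSLOTS * sizeof(uint64_t);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (getrandom(p, want, 0) != (ssize_t)want || mprotect(p, len, PROT_READ) != 0)
        return -1;
    canary_pool = p;
    return 0;
}

/* Returns 1 if the kernel refuses to write into the pool (read() gives EFAULT). */
int canary_pool_is_readonly(void)
{
    int fds[2], ro = 0;
    if (pipe(fds) != 0)
        return 0;
    if (write(fds[1], "x", 1) == 1)
        ro = read(fds[0], canary_pool, 1) == -1 && errno == EFAULT;
    close(fds[0]);
    close(fds[1]);
    return ro;
}

/* Simulated frame: copy up to sizeof(frame) bytes of src into it and return 1
 * if the frame's canary no longer matches the read-only reference for slot. */
int guarded_copy(unsigned slot, const void *src, size_t n)
{
    struct { char buf[16]; uint64_t canary; } frame;
    frame.canary = canary_pool[slot % NSLOTS];
    memcpy(&frame, src, n < sizeof frame ? n : sizeof frame);
    return frame.canary != canary_pool[slot % NSLOTS];
}
```

The comparison in `guarded_copy` reads the reference value from the protected page, so a write primitive that can alter the frame still cannot alter the value the frame is checked against.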