v2: Restrict by arch -- Title: GCC 4.8.3 defaults to -fstack-protector Author: Ryan Hill <rh...@gentoo.org> Content-Type: text/plain Posted: 2014-06-10 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: >=sys-devel/gcc-4.8.3 Display-If-Keyword: amd64 Display-If-Keyword: arm Display-If-Keyword: mips Display-If-Keyword: ppc Display-If-Keyword: ppc64 Display-If-Keyword: x86
Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be enabled by default. The 4.8 series will enable -fstack-protector while 4.9 and later enable -fstack-protector-strong. SSP is a security feature that attempts to mitigate stack-based buffer overflows by placing a canary value on the stack after the function return pointer and checking for that value before the function returns. If a buffer overflow occurs and the canary value is overwritten, the program aborts. There is a small performance cost to these features. They can be disabled with -fno-stack-protector. For more information these options, refer to the GCC Manual, or the following articles. http://en.wikipedia.org/wiki/Buffer_overflow_protection http://en.wikipedia.org/wiki/Stack_buffer_overflow https://securityblog.redhat.com/tag/stack-protector http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong -- Ryan Hill psn: dirtyepic_sk gcc-porting/toolchain/wxwidgets @ gentoo.org 47C3 6D62 4864 0E49 8E9E 7F92 ED38 BD49 957A 8463
signature.asc
Description: PGP signature