Hi! On Mon, Sep 17, 2018 at 12:15:05PM +0000, Christophe Leroy wrote: > Now, GCC offers the possibility to manually set the > stack-protector mode (global or tls) regardless of libc support.
Yup :-) > This time, the patch selects HAVE_STACKPROTECTOR only if > -mstack-protector-guard=global is supported by GCC. "global" is weaker than "tls" (it is easier to read the cookie in an exploit). It is better to use tls if you can. Segher
