OK, I see you've already commited this, so forwarding to pld-devel-pl as this is important and might have consequences that must be dealt with.
On Fri, Sep 18, 2015 at 21:57:46 +0200, Arkadiusz MiĆkiewicz wrote: > On Friday 18 of September 2015, Tomasz Pala wrote: >> >> %_ssp_cflags -fstack-protector --param=ssp-buffer-size=4 >> >> instead superior -fstack-protector-strong which seems to be taken as >> default in many distros, even on gcc level? > > Looks like our version was used by distros back then... I have no problems > with switching to -fstack-protector-strong. > > http://www.phoronix.com/scan.php?page=news_item&px=MTM5NjQ > > http://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/ > > https://wiki.debian.org/Hardening > "Prior to GCC 4.9, `-fstack-protector --param ssp-buffer-size=4' is used to > cover functions that defines a 4 or more byte local character array, which is > an okay balance for security and performance. For those who want to protect > all the functions then -fstack-protector-all is recommended. > > Since GCC 4.9, -fstack-protector-strong, an improved version of -fstack- > protector is introduced, which covers all the more paranoid conditions that > might lead to a stack overflow but not trade performance like -fstack- > protector-all, thus it becomes default." -- Tomasz Pala <[email protected]> _______________________________________________ pld-devel-pl mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-pl
