You are not logged in.

#1 2012-08-19 20:11:04

Tomm
Member
Registered: 2012-02-07
Posts: 8

Why is -fstack-protector enabled by default in makepkg.conf?

I'm just curious why it's their by default.  I don't know much about the flag itself though if somebody could explain.

Offline

#2 2012-08-19 20:34:30

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,097
Website

Re: Why is -fstack-protector enabled by default in makepkg.conf?

gcc's manpage would happily describe this for you...

       -fstack-protector
           Emit extra code to check for buffer overflows, such as stack smashing attacks.  This is done by adding a
           guard variable to functions with vulnerable objects.  This includes functions that call alloca, and
           functions with buffers larger than 8 bytes.  The guards are initialized when a function is entered and
           then checked when the function exits.  If a guard check fails, an error message is printed and the
           program exits.

In short, it's a security measure with low overhead, so it's worth enabling.

Offline

#3 2012-08-19 23:13:43

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,304
Website

Re: Why is -fstack-protector enabled by default in makepkg.conf?

Is there a reason you think it should not be enabled?

Offline

#4 2012-08-20 02:46:16

Tomm
Member
Registered: 2012-02-07
Posts: 8

Re: Why is -fstack-protector enabled by default in makepkg.conf?

Ok thanks falconindy, but how often do attacks like those happen?  I honestly don't know much about gcc optimizations and programming.

fukawi2 wrote:

Is there a reason you think it should not be enabled?

No but I was just curious as to why it was there.  I have no problem with it being there.

Offline

#5 2012-08-20 03:19:41

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,437
Website

Re: Why is -fstack-protector enabled by default in makepkg.conf?

That security measure essentially disables the most common exploit mechanism.  They are fairly common programming mistakes.

Offline

Board footer

Powered by FluxBB