Why is -fstack-protector enabled by default in makepkg.conf?

Tomm · 2012-08-19 20:11:04

I'm just curious why it's their by default. I don't know much about the flag itself though if somebody could explain.

falconindy · 2012-08-19 20:34:30

gcc's manpage would happily describe this for you...

       -fstack-protector
           Emit extra code to check for buffer overflows, such as stack smashing attacks.  This is done by adding a
           guard variable to functions with vulnerable objects.  This includes functions that call alloca, and
           functions with buffers larger than 8 bytes.  The guards are initialized when a function is entered and
           then checked when the function exits.  If a guard check fails, an error message is printed and the
           program exits.

In short, it's a security measure with low overhead, so it's worth enabling.

fukawi2 · 2012-08-19 23:13:43

Is there a reason you think it should not be enabled?

Tomm · 2012-08-20 02:46:16

Ok thanks falconindy, but how often do attacks like those happen? I honestly don't know much about gcc optimizations and programming.

fukawi2 wrote:

Is there a reason you think it should not be enabled?

No but I was just curious as to why it was there. I have no problem with it being there.

Allan · 2012-08-20 03:19:41

That security measure essentially disables the most common exploit mechanism. They are fairly common programming mistakes.

Arch Linux

#1 2012-08-19 20:11:04

Why is -fstack-protector enabled by default in makepkg.conf?

#2 2012-08-19 20:34:30

Re: Why is -fstack-protector enabled by default in makepkg.conf?

#3 2012-08-19 23:13:43

Re: Why is -fstack-protector enabled by default in makepkg.conf?

#4 2012-08-20 02:46:16

Re: Why is -fstack-protector enabled by default in makepkg.conf?

#5 2012-08-20 03:19:41

Re: Why is -fstack-protector enabled by default in makepkg.conf?

Board footer