You are not logged in.

#1 2013-12-08 03:09:28

oboenerd
Member
From: Right behind you.
Registered: 2012-08-15
Posts: 52

Enabling -fstack-protector-strong in makepkg.conf?

A little more than a year ago Google submitted a patch which added a -fstack-protector-strong option which was intended to strike a balance between -fstack-protector (used in Arch) and -fstack-protector-all which was considered too computationally expensive for google's chromiumos.  All of these options introduce measures to protect compiled programs against stack overflow attacks to varying degrees of security and performance.

This google doc sums up what the new flag introduces: https://docs.google.com/document/d/1xXB … t?hl=en_US

My recently installed default /etc/makepkg.conf shows -fstack-protector (not -strong) in CFLAGS.  Is there a specific reason that it has not yet been implemented in Arch, or has it simply just "not happened" yet? 

Fedora 20 is now using -fstack-protector-strong.  After some searching I couldn't find anything here or on the arch bugtracker which discusses the new option.  I should add that I am by no means well-versed in security and this is something I would like to know more about.

Last edited by oboenerd (2013-12-08 03:13:19)


"I quoted myself." -oboenerd

Offline

#2 2013-12-08 03:51:25

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: Enabling -fstack-protector-strong in makepkg.conf?

This is something that should be brought up in the bug tracker I think.  Though, interestingly this is not documented in the gcc man page nor the gcc info page.


Edit: I didn't follow your links, but I do remember reading about this.  It would seem that this functionality has not been merged, as trying to use -fstack-protector-strong fails with:

gcc: error: unrecognized command line option '-fstack-protector-strong'

Last edited by WonderWoofy (2013-12-08 03:54:56)

Offline

#3 2014-02-03 03:55:09

mmix
Member
Registered: 2014-01-11
Posts: 33

Re: Enabling -fstack-protector-strong in makepkg.conf?

Hi, i am using arch 201401,
my default gcc getting error like above when compiling kernel  3.14-rc1

Offline

#4 2014-02-03 05:36:40

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: Enabling -fstack-protector-strong in makepkg.conf?

Well...   first you will need to wait until gcc-4.9 is released (April).   Fedora does a backport of the patches required, but I will not be.

Offline

Board footer

Powered by FluxBB