You are not logged in.

#1 2013-12-08 03:09:28

From: Right behind you.
Registered: 2012-08-15
Posts: 52

Enabling -fstack-protector-strong in makepkg.conf?

A little more than a year ago Google submitted a patch which added a -fstack-protector-strong option which was intended to strike a balance between -fstack-protector (used in Arch) and -fstack-protector-all which was considered too computationally expensive for google's chromiumos.  All of these options introduce measures to protect compiled programs against stack overflow attacks to varying degrees of security and performance.

This google doc sums up what the new flag introduces: … t?hl=en_US

My recently installed default /etc/makepkg.conf shows -fstack-protector (not -strong) in CFLAGS.  Is there a specific reason that it has not yet been implemented in Arch, or has it simply just "not happened" yet? 

Fedora 20 is now using -fstack-protector-strong.  After some searching I couldn't find anything here or on the arch bugtracker which discusses the new option.  I should add that I am by no means well-versed in security and this is something I would like to know more about.

Last edited by oboenerd (2013-12-08 03:13:19)

"I quoted myself." -oboenerd


#2 2013-12-08 03:51:25

From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: Enabling -fstack-protector-strong in makepkg.conf?

This is something that should be brought up in the bug tracker I think.  Though, interestingly this is not documented in the gcc man page nor the gcc info page.

Edit: I didn't follow your links, but I do remember reading about this.  It would seem that this functionality has not been merged, as trying to use -fstack-protector-strong fails with:

gcc: error: unrecognized command line option '-fstack-protector-strong'

Last edited by WonderWoofy (2013-12-08 03:54:56)


#3 2014-02-03 03:55:09

Registered: 2014-01-11
Posts: 33

Re: Enabling -fstack-protector-strong in makepkg.conf?

Hi, i am using arch 201401,
my default gcc getting error like above when compiling kernel  3.14-rc1


#4 2014-02-03 05:36:40

Supreme Leader
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,726

Re: Enabling -fstack-protector-strong in makepkg.conf?

Well...   first you will need to wait until gcc-4.9 is released (April).   Fedora does a backport of the patches required, but I will not be.


Board footer

Powered by FluxBB