This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.



Re: -fno-stack-protector


On Monday 05 May 2008, Mark Seaborn wrote:
> Mike Frysinger <vapier@gentoo.org> wrote:
> > On Monday 05 May 2008, Mark Seaborn wrote:
> > > It would be useful if glibc knew how to turn gcc's stack-protector
> > > option off.  This patch should do the trick.  If -fno-stack-protector
> > > is available it adds it to CFLAGS:
> >
> > ugh, no.  this is the opposite of what we should do.  glibc should
> > detect that it's being built with SSP and so account for it.  we
> > build glibc with SSP in Hardened Gentoo.  we haven't bothered posting
> > the changes to the libc lists though as we've always been told that
> > what we want to do (build glibc with SSP) is stupid.
>
> I was under the impression that glibc uses -fstack-protector on the
> parts that can handle it, so I guess you've made more or all of glibc
> handle it.  Where can I find the Gentoo changes for this?

glibc follows the general Red Hat policy: only daemons that are networked are 
built as PIEs with SSP.  that means only nscd is built as a PIE with SSP 
enabled.  Hardened Gentoo takes a more extreme approach: build the entire 
system as PIEs with SSP.
-mike

Attachment: signature.asc
Description: This is a digitally signed message part.

