This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 01/14 v7] Configury support for --enable-stack-protector.
- From: Florian Weimer <fweimer at redhat dot com>
- To: Nix <nix at esperi dot org dot uk>
- Cc: libc-alpha at sourceware dot org, Nick Alcock <nick dot alcock at oracle dot com>
- Date: Fri, 24 Jun 2016 16:50:45 +0200
- Subject: Re: [PATCH 01/14 v7] Configury support for --enable-stack-protector.
- References: <1465297576-10981-1-git-send-email-nix at esperi dot org dot uk> <1465297576-10981-2-git-send-email-nix at esperi dot org dot uk>
On 06/07/2016 01:06 PM, Nix wrote:
+ AC_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
+ [Use -fstack-protector[-all|-strong] to detect glibc buffer overflows]),
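Review bot: The description on the second line writes the suffix alternatives as bare `[-all|-strong]` inside an m4-quoted argument, while the option name on the line above uses the `@<:@` and `@:>@` quadrigraphs for its literal brackets. Square brackets are the m4 quote characters in Autoconf and can be stripped during expansion, so confirm that `./configure --help` actually prints them, or use the quadrigraphs in both places. The help text also does not say which of yes|no|all|strong is the default, which a builder needs to know to tell whether an unconfigured build is protected.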
I think this should say: “Compile glibc with
-fstack-protector{,-all,-strong}”. The expectation is that this detects
not just glibc buffer overflows. (I do not have strong opinions about
the option formatting.)
+@item --enable-stack-protector
+@itemx --enable-stack-protector=strong
+@itemx --enable-stack-protector=all
+Compile the C library and all other parts of the glibc package
+(including the threading and math libraries, NSS modules, and
+transliteration modules) using the GCC @option{-fstack-protector},
+@option{-fstack-protector-strong} or @option{-fstack-protector-all}
+options to detect stack overruns. Only the dynamic linker and a small
+number of routines called directly from assembler are excluded from this
+protection.
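Review bot: The three @item/@itemx entries are not paired with the GCC option each one selects: the paragraph names -fstack-protector, -fstack-protector-strong and -fstack-protector-all in a single sentence without saying which corresponds to the bare form, to =strong and to =all. The configure help string also accepts yes and no, which are not documented here, and the behaviour when the option is omitted is not stated. Suggest one sentence per value plus the default, so that someone auditing a build can tell from the manual which level of instrumentation they got.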
I would drop the final sentence. It does not provide much information
and is also not entirely correct (being called from assembler doesn't
make much of a difference).
Thanks,
Florian