propolice for GCC?

ibotty bsd at ibotty.net
Wed Dec 10 14:33:56 PST 2003


>      Ok.  I've looked at the code output and it does impose some
>      fairly serious overheads, so I am going to default the compiler
>      to off instead of on.  We can then add -fstack-protector to
>      sys.mk, /etc/make.conf, or wherever else we need to add it.

should we build sendmail, bind and everything else which servers to the
outside build with -fstack-protector by default.

i guess, this way we would catch most bugs, yet do not slow down /bin/sh
that much (hehe, at least we dont have dynamic /bin/sh >;]

~ibotty





More information about the Kernel mailing list