DragonFly_RELEASE_1_2 buildworld failed with fstack protector

Matthew Dillon dillon at apollo.backplane.com
Sun Apr 10 09:57:41 PDT 2005

:finished without a problem.
:Since we are running DragonFly on a production server I would like it to 
:be as secure as possible (which is why I would like to compile world & 
:kernel with -fstack-protector flag) and as stable as possible.
:IS there a way to compile world with "fstack protection" on RELEASE_1_2 
:(an possibly future preview releases)?
:Are there any reasons why world, kernel or userland binaries should NOT 
:be compiled with "fstach protector" (for ex. stability issues)?
:Thank you very much for your help!

    If you compiler with gcc-3.4 (CCVER ?= gcc34 in /etc/make.conf would do
    it) then userland will be compiled with the stack protector.

    The boot code and the kernel will not be.  The boot code because bad
    things happen when we do, and the kernel because I don't trust the
    stack protector code generation in GCC enough to do that (besides,
    the kernel uses so few on-stack buffers it wouldn't do much anyway).

					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

More information about the Users mailing list