DragonFly_RELEASE_1_2 buildworld failed with fstack protector
Matthew Dillon
dillon at apollo.backplane.com
Sun Apr 10 09:57:41 PDT 2005
:finished without a problem.
:
:Since we are running DragonFly on a production server I would like it to
:be as secure as possible (which is why I would like to compile world &
:kernel with -fstack-protector flag) and as stable as possible.
:
:IS there a way to compile world with "fstack protection" on RELEASE_1_2
:(an possibly future preview releases)?
:
:Are there any reasons why world, kernel or userland binaries should NOT
:be compiled with "fstach protector" (for ex. stability issues)?
:
:Thank you very much for your help!
:
:Jurij
If you compiler with gcc-3.4 (CCVER ?= gcc34 in /etc/make.conf would do
it) then userland will be compiled with the stack protector.
The boot code and the kernel will not be. The boot code because bad
things happen when we do, and the kernel because I don't trust the
stack protector code generation in GCC enough to do that (besides,
the kernel uses so few on-stack buffers it wouldn't do much anyway).
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Users
mailing list