diff options
Diffstat (limited to '2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt')
| -rw-r--r-- | 2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt b/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt new file mode 100644 index 0000000..926f6ff --- /dev/null +++ b/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt @@ -0,0 +1,36 @@ +Title: GCC 4.8.3 defaults to -fstack-protector +Author: Ryan Hill <rhill@gentoo.org> +Content-Type: text/plain +Posted: 2014-06-15 +Revision: 2 +News-Item-Format: 1.0 +Display-If-Installed: >=sys-devel/gcc-4.8.3 +Display-If-Keyword: amd64 +Display-If-Keyword: arm +Display-If-Keyword: mips +Display-If-Keyword: ppc +Display-If-Keyword: ppc64 +Display-If-Keyword: x86 +Display-If-Keyword: amd64-fbsd +Display-If-Keyword: x86-fbsd + +Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be +enabled by default. The 4.8 series will enable -fstack-protector +while 4.9 and later enable -fstack-protector-strong. + +SSP is a security feature that attempts to mitigate stack-based buffer +overflows by placing a canary value on the stack after the function +return pointer and checking for that value before the function returns. +If a buffer overflow occurs and the canary value is overwritten, the +program aborts. + +There is a small performance cost to these features. They can be +disabled with -fno-stack-protector. + +For more information these options, refer to the GCC Manual, or the +following articles. + +http://en.wikipedia.org/wiki/Buffer_overflow_protection +http://en.wikipedia.org/wiki/Stack_buffer_overflow +https://securityblog.redhat.com/tag/stack-protector +http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong |