| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jLt4xoxXTw83-npD4WmumPzSC9WnbOkkDoR=VYa5R4rYw@mail.gmail.com>
Date: Fri, 13 Apr 2018 09:41:48 -0700
From: Kees Cook <keescook@...omium.org>
To: Masahiro Yamada <yamada.masahiro@...ionext.com>
Cc: linux-kbuild <linux-kbuild@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Sam Ravnborg <sam@...nborg.org>,
Ulf Magnusson <ulfalizer@...il.com>,
Nicholas Piggin <npiggin@...il.com>,
Emese Revfy <re.emese@...il.com>, X86 ML <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 21/30] stack-protector: test compiler capability in
Kconfig and drop AUTO mode
On Thu, Apr 12, 2018 at 10:06 PM, Masahiro Yamada
<yamada.masahiro@...ionext.com> wrote:
> +stackp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector
> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR) := -fstack-protector
> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR_STRONG) := -fstack-protector-strong
> +
> +KBUILD_CFLAGS += $(stackp-flags-y)
So, technically, this works just fine. I wonder if it has an overly
confusing result, in that the compiler under normal situations will
see:
gcc ... -fno-stack-protector -fstack-protector -fstack-protector-strong ...
How about something like this instead:
ifdef CONFIG_CC_STACKPROTECTOR_STRONG
KBUILD_CFLAGS += -fstack-protector-strong
else
ifdef CONFIG_CC_STACKPROTECTOR
KBUILD_CFLAGS += -fstack-protector
else
KBUILD_CFLAGS += -fno-stack-protector
endif
endif
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists