diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt |
reinit the tree, so we can have metadata
Diffstat (limited to 'metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt')
-rw-r--r-- | metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt b/metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt new file mode 100644 index 000000000000..926f6ffdb26b --- /dev/null +++ b/metadata/news/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt @@ -0,0 +1,36 @@ +Title: GCC 4.8.3 defaults to -fstack-protector +Author: Ryan Hill <rhill@gentoo.org> +Content-Type: text/plain +Posted: 2014-06-15 +Revision: 2 +News-Item-Format: 1.0 +Display-If-Installed: >=sys-devel/gcc-4.8.3 +Display-If-Keyword: amd64 +Display-If-Keyword: arm +Display-If-Keyword: mips +Display-If-Keyword: ppc +Display-If-Keyword: ppc64 +Display-If-Keyword: x86 +Display-If-Keyword: amd64-fbsd +Display-If-Keyword: x86-fbsd + +Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be +enabled by default. The 4.8 series will enable -fstack-protector +while 4.9 and later enable -fstack-protector-strong. + +SSP is a security feature that attempts to mitigate stack-based buffer +overflows by placing a canary value on the stack after the function +return pointer and checking for that value before the function returns. +If a buffer overflow occurs and the canary value is overwritten, the +program aborts. + +There is a small performance cost to these features. They can be +disabled with -fno-stack-protector. + +For more information these options, refer to the GCC Manual, or the +following articles. + +http://en.wikipedia.org/wiki/Buffer_overflow_protection +http://en.wikipedia.org/wiki/Stack_buffer_overflow +https://securityblog.redhat.com/tag/stack-protector +http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong |