This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH 1/2] BZ#10375: Configure magic to use -U_FORTIFY_SOURCE if needed.
On 8 May 2012, Mike Frysinger outgrape:
> iirc, it's
> possible to build glibc with ssp today as long as you make sure it's turned off
> for the ldso itself.
It certainly is: my glibc is so built on my security-sensitive and
network-exposed boxes. There is a performance loss, but the most
pathological benchmarks I've been able to produce show it as less than
2%.
(I suspect one could enable it for much of ld.so as well -- certainly
for all of ld.so after main() is called and quite possibly all of it
after ld.so has relocated itself. This would certainly require a bunch
of flipping of the stack-protector option within individual source
files. Until we can rely on #pragma GCC push_options this would require
substantial reorganization of the ld.so source, which seems to be
excessive work for the reward.)
--
NULL && (void)