This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH 1/2] BZ#10375: Configure magic to use -U_FORTIFY_SOURCE if needed.


On 8 May 2012, Mike Frysinger outgrape:

>                                                             iirc, it's 
> possible to build glibc with ssp today as long as you make sure it's turned off 
> for the ldso itself.

It certainly is: my glibc is so built on my security-sensitive and
network-exposed boxes. There is a performance loss, but the most
pathological benchmarks I've been able to produce show it as less than
2%.

(I suspect one could enable it for much of ld.so as well -- certainly
for all of ld.so after main() is called and quite possibly all of it
after ld.so has relocated itself. This would certainly require a bunch
of flipping of the stack-protector option within individual source
files. Until we can rely on #pragma GCC push_options this would require
substantial reorganization of the ld.so source, which seems to be
excessive work for the reward.)

-- 
NULL && (void)


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]