From: Adrian Bunk <bunk@stusta.de>
To: Arjan van de Ven <arjan@linux.intel.com>
Cc: linux-kernel@vger.kernel.org, akpm@osdl.org, ak@suse.de
Subject: Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
Date: Sat, 29 Jul 2006 19:48:40 +0200
Message-ID: <20060729174840.GE26963@stusta.de>
In-Reply-To: <1154102627.6416.13.camel@laptopd505.fenrus.org>

On Fri, Jul 28, 2006 at 06:03:46PM +0200, Arjan van de Ven wrote:
>...
> --- linux-2.6.18-rc2-git5-stackprot.orig/arch/x86_64/Kconfig
> +++ linux-2.6.18-rc2-git5-stackprot/arch/x86_64/Kconfig
> @@ -522,6 +522,31 @@ config SECCOMP
>  
>  	  If unsure, say Y. Only embedded should say N here.
>  
> +config CC_STACKPROTECTOR
> +	bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
> +	depends on EXPERIMENTAL
> +	default n
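
Review bot: the prompt string on the bool line misspells the tag as "(EXPRIMENTAL)"; it should read "(EXPERIMENTAL)", matching the "depends on EXPERIMENTAL" line directly below it.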

You can remove the "default n".

> +	help
> +	  This option turns on the -fstack-protector GCC feature that is new
> +	  in GCC version 4.1. This feature puts, at the beginning of
> +	  critical functions, a canary value on the stack just before the return
> +	  address, and validates the value just before actually returning.
> +	  Stack based buffer overflows that need to overwrite this return
> +	  address now also overwrite the canary, which gets detected.
> +
> +	  NOTE 
> +	  This feature requires gcc version 4.2 or above, or a distribution
> +	  gcc with the feature backported. For older gcc versions, this is a NOP.
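
Review bot: the NOTE at the end of the help says the option is a NOP on older gcc, so CC_STACKPROTECTOR can be set to y and the resulting kernel still carries no canary checks, and nothing in this hunk tells the user that happened. Consider stating in the help how to tell whether the compiler in use honours -fstack-protector, or having the build warn when it does not. The "NOTE " line also ends in a trailing space and would read better as "NOTE:".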

After reading this thread, I do understand why you write once 
"GCC version 4.1" and once "gcc version 4.2".

But for the normal user this will be quite confusing.

What about simply removing the first sentence of the help text since 
it's anyway handled by the NOTE?

> +config CC_STACKPROTECTOR_ALL
> +	bool "Use stack-protector for all functions"
> +	depends on CC_STACKPROTECTOR
> +	default n

You can remove the "default n".

> +	help
> +	  Normally, GCC only inserts the canary value protection for
> +	  functions that use large-ish on-stack buffers. By enabling
> +	  this option, GCC will be asked to do this for ALL functions.
> +
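
Review bot: the CC_STACKPROTECTOR_ALL help gives no guidance on when to pick this option: "large-ish on-stack buffers" is not quantified, and the text does not say what asking GCC to do this for ALL functions costs. A sentence on the trade-off plus an "If unsure, say N." line, in the style of the SECCOMP help in the context above ("If unsure, say Y."), would let users make the choice.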

cu
Adrian

-- 

    Gentoo kernels are 42 times more popular than SUSE kernels among
    KLive users  (a service by SUSE contractor Andrea Arcangeli that
    gathers data about kernels from many users worldwide).

       There are three kinds of lies: Lies, Damn Lies, and Statistics.
                                                    Benjamin Disraeli

