summary refs log tree commit diff
path: root/manual
diff options
context:
space:
mode:
authorNick Alcock <nick.alcock@oracle.com>2016-12-26 10:08:18 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-26 10:08:19 +0100
commit03baef1c9cfb396d76cae20a00aee657871e79c4 (patch)
treeed115b828293aa26c4b5f338391286b25eaa955e /manual
parent81e0662e5f2c342ffa413826b7b100d56677b613 (diff)
downloadglibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.gz
glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.tar.xz
glibc-03baef1c9cfb396d76cae20a00aee657871e79c4.zip
Configure support for --enable-stack-protector [BZ #7065]
This adds =all and =strong, with obvious semantics, defaulting to off.

We don't validate the value of the option yet: that's in a later patch.
Nor do we use it for anything at this stage.

We differentiate between 'the compiler understands -fstack-protector'
and 'the user wanted -fstack-protector' so that we can pass
-fno-stack-protector in appropriate places even if the user didn't want
to turn on -fstack-protector for other parts.  (This helps us overcome
another existing limitation, that glibc doesn't work with GCCs hacked
to pass in -fstack-protector by default.)

We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value
appropriate for the stack-protection level in use for each file in
particular.
Diffstat (limited to 'manual')
-rw-r--r--manual/install.texi11
1 files changed, 11 insertions, 0 deletions
diff --git a/manual/install.texi b/manual/install.texi
index 35e02ada58..d02e87091f 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -164,6 +164,17 @@ time.  Consult the @file{timezone} subdirectory for more details.
 @item --enable-lock-elision=yes
 Enable lock elision for pthread mutexes by default.
 
+@item --enable-stack-protector
+@itemx --enable-stack-protector=strong
+@itemx --enable-stack-protector=all
+Compile the C library and all other parts of the glibc package
+(including the threading and math libraries, NSS modules, and
+transliteration modules) using the GCC @option{-fstack-protector},
+@option{-fstack-protector-strong} or @option{-fstack-protector-all}
+options to detect stack overruns.  Only the dynamic linker and a small
+number of routines called directly from assembler are excluded from this
+protection.
+
 @pindex pt_chown
 @findex grantpt
 @item --enable-pt_chown