From 03baef1c9cfb396d76cae20a00aee657871e79c4 Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Mon, 26 Dec 2016 10:08:18 +0100 Subject: Configure support for --enable-stack-protector [BZ #7065] This adds =all and =strong, with obvious semantics, defaulting to off. We don't validate the value of the option yet: that's in a later patch. Nor do we use it for anything at this stage. We differentiate between 'the compiler understands -fstack-protector' and 'the user wanted -fstack-protector' so that we can pass -fno-stack-protector in appropriate places even if the user didn't want to turn on -fstack-protector for other parts. (This helps us overcome another existing limitation, that glibc doesn't work with GCCs hacked to pass in -fstack-protector by default.) We also arrange to set the STACK_PROTECTOR_LEVEL #define to a value appropriate for the stack-protection level in use for each file in particular. --- manual/install.texi | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'manual') diff --git a/manual/install.texi b/manual/install.texi index 35e02ada58..d02e87091f 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -164,6 +164,17 @@ time. Consult the @file{timezone} subdirectory for more details. @item --enable-lock-elision=yes Enable lock elision for pthread mutexes by default. +@item --enable-stack-protector +@itemx --enable-stack-protector=strong +@itemx --enable-stack-protector=all +Compile the C library and all other parts of the glibc package +(including the threading and math libraries, NSS modules, and +transliteration modules) using the GCC @option{-fstack-protector}, +@option{-fstack-protector-strong} or @option{-fstack-protector-all} +options to detect stack overruns. Only the dynamic linker and a small +number of routines called directly from assembler are excluded from this +protection. + @pindex pt_chown @findex grantpt @item --enable-pt_chown -- cgit 1.4.1
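Review bot: The new @item text in manual/install.texi never states the default and leaves the mapping between the three option forms and the three GCC flags implicit. The sentence listing @option{-fstack-protector}, @option{-fstack-protector-strong} or @option{-fstack-protector-all} should end with "respectively", so that a reader knows the bare --enable-stack-protector selects the weakest of the three levels rather than the strongest. The commit message says the option defaults to off, and the manual entry should say so too, since someone building a hardened glibc needs to know that no stack protection is applied unless the option is passed. The commit message also says the value is not validated yet at this stage. Until the later patch lands, a mistyped value such as =strnog would not be rejected by configure, so it is worth confirming that the validation patch is applied together with this documentation, so the manual does not describe behaviour that configure does not enforce. Finally, "a small number of routines called directly from assembler" gives the reader no way to tell which routines are unprotected; a pointer to where the exclusions are defined would make the entry auditable.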