-fno-stack-protector (was: Building glibc from CVS on x86 Ubuntu Hardy)

Mike Frysinger vapier@gentoo.org
Mon May 5 16:03:00 GMT 2008


On Monday 05 May 2008, Mark Seaborn wrote:
> Reuben Thomas <rrt@sc3d.org> wrote:
> > On Fri, 2 May 2008, Ryan S. Arnold wrote:
> > > Try it without the -fno-stack-protector too to see if that works.
> >
> > That doesn't work. Why not? I see it says "Checking for
> > -fstack-protector" while configuring. Is it because the Ubuntu compiler
> > switches this on by default and the libc configure doesn't know to turn
> > it off?
>
> That's exactly it.  Ubuntu has some notes about this on
> <https://wiki.ubuntu.com/GccSsp>.
>
> By the way, I have some notes on issues like this on
> <http://plash.beasts.org/wiki/GlibcBuildIssues> which may be useful to
> people on this mailing list.
>
> It would be useful if glibc knew how to turn gcc's stack-protector
> option off.  This patch should do the trick.  If -fno-stack-protector
> is available it adds it to CFLAGS:

ugh, no.  this is the opposite of what we should do.  glibc should detect that 
it's being built with SSP and so account for it.  we build glibc with SSP in 
Hardened Gentoo.  we havent bothered posting the changes to the libc lists 
though as we've always been told that what we want to do (build glibc with 
SSP) is stupid.  then again, many of the things we've done in Hardened Gentoo 
we were told was stupid, yet it magically got implemented in upstream and 
became the default ...
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://sourceware.org/pipermail/libc-help/attachments/20080505/b1937dcf/attachment.sig>


More information about the Libc-help mailing list