feature request: build default -fstack-protector-strong
How are the chances of of getting all slackware-packages compiled with -fstack-protector-strong? It seems to be a rather low hanging fruit to take and profit at a marginal cost.
It's been for some time in gcc, -strong is in gcc since 4.9. Several distributions [Fedora, Chrome OS (they implemented -strong), Arch, etc.] are using it for some time now. You can use it for the kernel (which I do for some time now). I'd vote for a patch for gcc to use the stack-protector by default (with -D_FORTIFY_SOURCE=2 ?). For problematic packages one could simply disable the use of the stack-protector using -fno-stack-protector in the respective slackbuild CFLAGS. |
+1
Not sure why this good idea hasn't had more input. |
All times are GMT -5. The time now is 04:10 PM. |