feature request: build default -fstack-protector-strong
How are the chances of of getting all slackware-packages compiled with -fstack-protector-strong? It seems to be a rather low hanging fruit to take and profit at a marginal cost.
It's been for some time in gcc, -strong is in gcc since 4.9. Several distributions [Fedora, Chrome OS (they implemented -strong), Arch, etc.] are using it for some time now. You can use it for the kernel (which I do for some time now).
I'd vote for a patch for gcc to use the stack-protector by default (with -D_FORTIFY_SOURCE=2 ?).
For problematic packages one could simply disable the use of the stack-protector using -fno-stack-protector in the respective slackbuild CFLAGS.
Last edited by eldercitizen; 11-21-2015 at 05:52 AM.
|