Re: 2.6.25-mm1: not looking good
From: Ingo Molnar
Date: Fri Apr 18 2008 - 05:29:29 EST
* Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> > > A #warning sounds more appropriate.
> >
> > this warning is telling the user that the security feature that got
> > enabled in the .config is completely, 100% not working due to using
> > a stack-protector-incapable GCC.
>
> I doubt if anyone will care much.
you noticed it ;-) Distro maintainers will notice it too if it pops up
when something breaks StackProtector. Normal user might not notice. (but
normal user might not notice a few hundred guest roots either)
but ... the real thing that made it slip into your config was that it
was default-enabled in x86/latest - the patch below should fix that.
we need the warning: it could have caught the toplevel Makefile change
last October that broke StackProtector completely. So no, we wont be and
cannot be silent about this anymore - we need and now have an end-to-end
test about it.
Ingo
------------------>
Subject: stackprotector: non default
From: Ingo Molnar <mingo@xxxxxxx>
Date: Fri Apr 18 11:13:17 CEST 2008
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
arch/x86/Kconfig | 1 -
1 file changed, 1 deletion(-)
Index: linux-x86.q/arch/x86/Kconfig
===================================================================
--- linux-x86.q.orig/arch/x86/Kconfig
+++ linux-x86.q/arch/x86/Kconfig
@@ -1146,7 +1146,6 @@ config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
depends on X86_64
select CC_STACKPROTECTOR_ALL
- default y
help
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/