This patch adds the config options for -fstack-protector
Signed-off-by: Arjan van de Ven <[email protected]>
---
arch/x86_64/Kconfig | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
Index: linux-2.6.16-rc6-stack-protector/arch/x86_64/Kconfig
===================================================================
--- linux-2.6.16-rc6-stack-protector.orig/arch/x86_64/Kconfig
+++ linux-2.6.16-rc6-stack-protector/arch/x86_64/Kconfig
@@ -462,6 +462,31 @@ config SECCOMP
If unsure, say Y. Only embedded should say N here.
+config STACK_PROTECTOR
+ bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
+ depends on EXPERIMENTAL
+ default n
+ help
+ This option turns on the -fstack-protector GCC feature that is new
+ in GCC version 4.1. This feature puts, at the beginning of
+ critical functions, a canary value on the stack just before the return
+ address, and validates the value just before actually returning.
+ Stack based buffer overflows that need to overwrite this return
+ address now also overwrite the canary, which gets detected.
+
+ NOTE NOTE NOTE
+ At this point this requires a special, patched GCC compiler!
+ Do not enable this unless you are using such a compiler.
+
+config STACK_PROTECTOR_ALL
+ bool "Use stack-protector for all functions"
+ depends on STACK_PROTECTOR
+ default n
+ help
+ Normally, GCC only inserts the canary value protection for
+ functions that use large-ish on-stack buffers. By enabling
+ this option, GCC will be asked to do this for ALL functions.
+
source kernel/Kconfig.hz
endmenu
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]