aboutsummaryrefslogtreecommitdiffstats
path: root/virt
diff options
context:
space:
mode:
authorSam Ravnborg <sam@ravnborg.org>2008-02-13 16:43:28 -0500
committerSam Ravnborg <sam@ravnborg.org>2008-02-14 17:33:21 -0500
commite06b8b98da071f7dd78fb7822991694288047df0 (patch)
treef948b3f6ee9303bcce76e6500f0aba335b8b1d0e /virt
parent587c90616a5b44e6ccfac38e64d4fecee51d588c (diff)
kbuild: allow -fstack-protector to take effect
Arjan van de Ven <arjan@infradead.org> wrote: === I just read the excellent LWN writeup of the vmsplice security thing, and that got me wondering why this attack wasn't stopped by the CONFIG_CC_STACKPROTECTOR option... because it plain should have been... Some analysis later.. it turns out that the following line in the top level Makefile, added by you in October 2007, entirely disables CONFIG_CC_STACKPROTECTOR ;( With this line removed the exploit will be nicely stopped. CFLAGS += $(call cc-option, -fno-stack-protector) Now I realize that certain distros have patched gcc to compensate for their lack of distro wide CFLAGS, and it's great to work around that... but would there be a way to NOT disable this for CONFIG_CC_STACKPROTECTOR please? It would have made this exploit not possible for those kernels that enable this feature (and that includes distros like Fedora) === Move the assignment to KBUILD_CFLAGS up before including the arch specific Makefile so arch makefiles may override the setting. Signed-off-by: Sam Ravnborg <sam@ravnborg.org> Cc: Arjan van de Ven <arjan@infradead.org> Cc: stable@kernel.org
Diffstat (limited to 'virt')
0 files changed, 0 insertions, 0 deletions