In Fedora22, GCC not enabled the -fstack-protector by default, why?
Josh Stone
jistone at redhat.com
Tue Jun 30 00:47:03 UTC 2015
On 06/29/2015 07:47 AM, 乱雪 wrote:
> Such as:
>
> // x.c
> #include <stdio.h>
>
> int main(void) {
> char x[] = "abc";
> printf("%s\n", x);
> return 0;
> }
>
> and using GCC compile it:
>
> ➜ gcc x.c -v
>
> ......
> /usr/libexec/gcc/x86_64-redhat-linux/5.1.1/cc1 -quiet -v x.c -quiet
> -dumpbase x.c -mtune=generic -march=x86-64 -auxbase x -version -o
> /tmp/ccqowh4f.s
> ......
>
> as you see, GCC not enabled the -fstack-protector by default. And in
> Ubuntu:
>
> ➜ gcc x.c -v
>
> /usr/lib/gcc/x86_64-linux-gnu/4.6/cc1 -quiet -v -imultilib .
> -imultiarch x86_64-linux-gnu x.c -quiet -dumpbase x.c -mtune=generic
> -march=x86-64 -auxbase x -version *-fstack-protector *-o /tmp/cc0aswkw.s
>
> the enabled the -fstack-protector by default.
>
> why?
AFAIK, the only way Fedora gcc has changed the upstream default options
is for the default type of debuginfo
gcc.spec:993:
# Default to -gdwarf-4 -fno-debug-types-section rather than -gdwarf-2
I'd guess that -fstack-protector makes too much difference to code
generation to risk changing its default. It is part of optflags for all
distro packages though.
$ rpmbuild --showrc | grep stack-protector
-14: __global_cflags -O2 -g -pipe -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags}
More information about the devel
mailing list