version 1.28, 2017/11/07 02:00:44
|
version 1.29, 2017/11/07 02:14:50
|
Line 36 It has been enabled by default since pkg
|
Line 36 It has been enabled by default since pkg
|
|
|
### PKGSRC_USE_SSP |
### PKGSRC_USE_SSP |
|
|
This enables a stack-smashing protection mitigation. |
This enables a stack-smashing protection mitigation. It is done by adding a |
|
guard variable to functions with vulnerable objects. The guards are initialized |
TODO: Give a link to a good explanation. Explain if this is gcc |
when a function is entered and then checked when the function exits. The guard |
specific or also works with other compilers. Explain if it is C/C++ only. |
check will fail and the program forcibly exited if the variable was modified in |
|
the meantime. This can happen in case of buffer overflows or memory corruption, |
|
and therefore exposing these bugs. |
|
|
|
This mitigation is supported by both GCC and clang. It may be supported in |
|
additional compilers, possibly under a different name. It is particularly useful |
|
for unsafe programming languages, such as C/C++. |
|
|
It is enabled by default where known supported since pkgsrc-2017Q3. |
It is enabled by default where known supported since pkgsrc-2017Q3. |
|
|
|
* <https://en.wikipedia.org/wiki/Buffer_overflow_protection> |
|
|
## Enabled by default in pkgsrc HEAD |
## Enabled by default in pkgsrc HEAD |
|
|
## Not enabled by default |
## Not enabled by default |
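Review bot: The added first paragraph overstates what the guard catches, and its last two sentences need a grammar pass. As the text itself says, the guard is only checked when the function exits, so only corruption that modifies the guard variable is detected; "buffer overflows or memory corruption" in general reads broader than that. Suggest something like "The check fails and the program is forcibly terminated if the guard was modified in the meantime, which happens when an overflow of a local object writes into the guard", replacing "the program forcibly exited" and the dangling "and therefore exposing these bugs". The removed TODO also asked whether this is C/C++ only; "particularly useful for unsafe programming languages, such as C/C++" does not answer that directly, so state whether the option has any effect on packages in other languages. Finally, the Wikipedia link is added as a bare list item; a short lead-in such as "Further reading:" would tie it to the section.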