Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.28 and 1.29

version 1.28, 2017/11/07 02:00:44 version 1.29, 2017/11/07 02:14:50
Line 36  It has been enabled by default since pkg Line 36  It has been enabled by default since pkg
   
 ### PKGSRC_USE_SSP  ### PKGSRC_USE_SSP
   
 This enables a stack-smashing protection mitigation.  This enables a stack-smashing protection mitigation. It is done by adding a
   guard variable to functions with vulnerable objects. The guards are initialized
 TODO: Give a link to a good explanation. Explain if this is gcc  when a function is entered and then checked when the function exits. The guard
 specific or also works with other compilers. Explain if it is C/C++ only.  check will fail and the program forcibly exited if the variable was modified in
   the meantime. This can happen in case of buffer overflows or memory corruption,
   and therefore exposing these bugs.
   
   This mitigation is supported by both GCC and clang. It may be supported in
   additional compilers, possibly under a different name. It is particularly useful
   for unsafe programming languages, such as C/C++.
   
 It is enabled by default where known supported since pkgsrc-2017Q3.  It is enabled by default where known supported since pkgsrc-2017Q3.
   
   * <https://en.wikipedia.org/wiki/Buffer_overflow_protection>
   
 ## Enabled by default in pkgsrc HEAD  ## Enabled by default in pkgsrc HEAD
   
 ## Not enabled by default  ## Not enabled by default

Removed from v.1.28  
changed lines
  Added in v.1.29


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb