fstack-protector settings

Posted: Wed Nov 27, 2013 2:54 pm
by Construx
Linux kernel compiling options for CONFIG_CC_STACKPROTECTION appear in a section separate from the general section for grsec options, namely in the section called "processor type and features". It seems out of place here, or possibly redundant, when there is already a whole section made especially for grsecurity options. How does this feature fit in with the scheme of general grsec configuration, and is there any reason not to enable it?

Re: fstack-protector settings

Posted: Wed Nov 27, 2013 3:27 pm
by PaX Team
this option is part of upstream linux not grsec per se, that's why it's where it is. as for its usefulness... that's a long story, but the gist of it is that SSP in the kernel as currently implemented is very much useless and i advise against using it, it only gives one a false sense of security.

Re: fstack-protector settings

Posted: Thu Nov 28, 2013 10:40 pm
by Construx
> ".. the gist of it is that SSP in the kernel as currently implemented is very much useless and i advise against using it."

That's pretty much what I suspected, anyway. Rather like putting butter on a burn: an old wives' tale that actually did more harm than good. :) Thanks.