fstack-protector settings


Post by Construx » Wed Nov 27, 2013 2:54 pm

Linux kernel compiling options for CONFIG_CC_STACKPROTECTION appear in a section separate from the general section for grsec options, namely in the section called "processor type and features". It seems out of place here, or possibly redundant, when there is already a whole section made especially for grsecurity options. How does this feature fit in with the scheme of general grsec configuration, and is there any reason not to enable it?

Re: fstack-protector settings

Post by PaX Team » Wed Nov 27, 2013 3:27 pm

this option is part of upstream linux not grsec per se, that's why it's where it is. as for its usefulness... that's a long story, but the gist of it is that SSP in the kernel as currently implemented is very much useless and i advise against using it, it only gives one a false sense of security.

Re: fstack-protector settings

Post by Construx » Thu Nov 28, 2013 10:40 pm

> ".. the gist of it is that SSP in the kernel as currently implemented is very much useless and i advise against using it."

That's pretty much what I suspected, anyway. Rather like putting butter on a burn: an old wives' tale that actually did more harm than good. :) Thanks.