diff options
| author | Gavin Andresen <[email protected]> | 2011-10-24 11:29:32 -0700 |
|---|---|---|
| committer | Gavin Andresen <[email protected]> | 2011-10-24 11:29:32 -0700 |
| commit | d760b5c97957ae2484c20890ffd67fb633afca9c (patch) | |
| tree | 75456ada2427de3ffe813d01d1cfb668e8a1278b /src | |
| parent | Merge pull request #591 from laanwj/translation_lookup_logic (diff) | |
| parent | Added a workaround for an Ubuntu bug which causes -fstack-protector-all to be... (diff) | |
| download | discoin-d760b5c97957ae2484c20890ffd67fb633afca9c.tar.xz discoin-d760b5c97957ae2484c20890ffd67fb633afca9c.zip | |
Merge pull request #586 from cjdelisle/hardening-bug-workaround
Added a workaround for an Ubuntu bug which causes -fstack-protector-all t
Diffstat (limited to 'src')
| -rw-r--r-- | src/makefile.unix | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/makefile.unix b/src/makefile.unix index 871aedd1a..5f841ea0f 100644 --- a/src/makefile.unix +++ b/src/makefile.unix @@ -51,12 +51,17 @@ LIBS+= \ # Hardening # Make some classes of vulnerabilities unexploitable in case one is discovered. # + # This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes + # -fstack-protector-all to be ignored unless -fno-stack-protector is used first. + # see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722 + HARDENING=-fno-stack-protector + # Stack Canaries # Put numbers at the beginning of each stack frame and check that they are the same. # If a stack buffer if overflowed, it writes over the canary number and then on return # when that number is checked, it won't be the same and the program will exit with # a "Stack smashing detected" error instead of being exploited. - HARDENING=-fstack-protector-all -Wstack-protector + HARDENING+=-fstack-protector-all -Wstack-protector # Make some important things such as the global offset table read only as soon as # the dynamic linker is finished building it. This will prevent overwriting of addresses |