Misc #15053
closed
Using -fstack-protector-strong instead of -fstack-protector conditionally.
Description
When running a code analysis tool for ruby, I got a warning Insufficient stack protection: -fstack-protector, it seems setting "-fstack-protector-strong" is better than "-fstack-protector".
Currently in configure.ac, "-fstack-protector" is set.
Seeing a document about it [1], it looks "-fstack-protector-strong" is supported from gcc-4.9.
I prepared the pull-request here. [2]
If gcc is >= 4.9 (but I did >=5 simplify the logic), use "-fstack-protector-strong", otherwise use "-fstack-protector".
How do you think?
[1] https://lwn.net/Articles/584225/
[2] https://gcc.gnu.org/ml/gcc-patches/2012-06/msg00974.html
[3] https://github.com/ruby/ruby/pull/1944
Updated by nobu (Nobuyoshi Nakada) over 5 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r64614.
configure.ac: -fstack-protector-strong
- configure.ac: use -fstack-protector-strong if available instead of
-fstack-protector conditionally. [ruby-core:88788] [Misc #15053]
Updated by jaruga (Jun Aruga) over 5 years ago
Thank you for fixing this issue quickly!