[OpenWrt-Devel] Fix for missing kernel stack-protector in x86_64 glibc builds

Ian Cooper iancooper at hotmail.com
Mon May 25 10:23:56 EDT 2020

Yes, it appears we can handle uclibc the same way

Uclibc-ng supports SSP in the library itself, so use of GCC_LIBSSP can eliminated. I'll do some testing ...

        bool "Support for GCC stack smashing protector"
        depends on !HAVE_NO_SSP
          Add code to support GCC's -fstack-protector[-all] option to uClibc.
          This requires GCC 4.1 or newer.  GCC does not have to provide libssp,
          the needed functions are added to ldso/libc instead.

          GCC's stack protector is a reimplementation of IBM's propolice.
          See http://www.trl.ibm.com/projects/security/ssp/ and
          for details.

          Note that NOEXECSTACK on a kernel with address space randomization
          is generally sufficient to prevent most buffer overflow exploits
          without increasing code size.  This option essentially adds debugging
          code to catch them. 

> -----Original Message-----
> From: Hauke Mehrtens [mailto:hauke at hauke-m.de]
> Sent: 24 May 2020 13:33
> To: Ian Cooper <iancooper at hotmail.com>; openwrt-
> devel at lists.openwrt.org
> Subject: Re: [OpenWrt-Devel] Fix for missing kernel stack-protector in
> x86_64 glibc builds
> Does anyone know if we can handle uclibc the same way? It would be nice to
> reduce the special handling in general.
> Hauke

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list