aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGavin Andresen <gavinandresen@gmail.com>2011-10-24 11:29:32 -0700
committerGavin Andresen <gavinandresen@gmail.com>2011-10-24 11:29:32 -0700
commitd760b5c97957ae2484c20890ffd67fb633afca9c (patch)
tree75456ada2427de3ffe813d01d1cfb668e8a1278b /src
parentcf908574cf4c24fd1d7ba7f5e1d9ff577f0b0ad2 (diff)
parent1e5f9393818cdc2264e7e44ed17291366da3dcb9 (diff)
Merge pull request #586 from cjdelisle/hardening-bug-workaround
Added a workaround for an Ubuntu bug which causes -fstack-protector-all t
Diffstat (limited to 'src')
-rw-r--r--src/makefile.unix7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/makefile.unix b/src/makefile.unix
index 871aedd1ad..5f841ea0fe 100644
--- a/src/makefile.unix
+++ b/src/makefile.unix
@@ -51,12 +51,17 @@ LIBS+= \
# Hardening
# Make some classes of vulnerabilities unexploitable in case one is discovered.
#
+ # This is a workaround for Ubuntu bug #691722, the default -fstack-protector causes
+ # -fstack-protector-all to be ignored unless -fno-stack-protector is used first.
+ # see: https://bugs.launchpad.net/ubuntu/+source/gcc-4.5/+bug/691722
+ HARDENING=-fno-stack-protector
+
# Stack Canaries
# Put numbers at the beginning of each stack frame and check that they are the same.
# If a stack buffer if overflowed, it writes over the canary number and then on return
# when that number is checked, it won't be the same and the program will exit with
# a "Stack smashing detected" error instead of being exploited.
- HARDENING=-fstack-protector-all -Wstack-protector
+ HARDENING+=-fstack-protector-all -Wstack-protector
# Make some important things such as the global offset table read only as soon as
# the dynamic linker is finished building it. This will prevent overwriting of addresses