authorMartynas Venckus <martynas@cvs.openbsd.org>2014-03-30 01:11:01 +0000
committerMartynas Venckus <martynas@cvs.openbsd.org>2014-03-30 01:11:01 +0000
commit7bf4a33088199e8f723ff2aae3c474467705377f (patch)
treeebe5cd86310f5c68913be4276cb58061b08c7055
parentf5554fc467f3b8400a0af1c17a269c12d039c4c9 (diff)
Change the heuristics of -fstack-protector to select additional
functions to protect --- those that have local array definitions, or have references to local frame addresses. Note that upstream uses -fstack-protector-strong and misleads people: -fstack-protector, -fstack-protector-all, -fstack-protector-strong --- can you tell which one is safe? Luckily, OpenBSD has its own compiler and is able to do the right thing for security: this is enabled by default, and called -fstack-protector. OK deraadt@, miod@. Tested for 3 months.
-rw-r--r--gnu/gcc/gcc/common.opt2
-rw-r--r--gnu/gcc/gcc/toplev.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/gnu/gcc/gcc/common.opt b/gnu/gcc/gcc/common.opt
index de1ae3c59a4..c309c43249f 100644
--- a/gnu/gcc/gcc/common.opt
+++ b/gnu/gcc/gcc/common.opt
@@ -863,7 +863,7 @@ Common RejectNegative Joined
-fstack-limit-symbol=<name> Trap if the stack goes past symbol <name>
fstack-protector
-Common Report Var(flag_stack_protect, 1) Init(-1)
+Common Report Var(flag_stack_protect, 3) Init(-1)
Use propolice as a stack protection method
fstack-protector-all
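Review bot: The literal `3` in `Var(flag_stack_protect, 3)` is unexplained, and the help text on the next line still reads `Use propolice as a stack protection method`, so nothing in common.opt tells a reader that -fstack-protector now also covers functions with local arrays or references to local frame addresses. I would extend the help line to something like `Use propolice as a stack protection method; also protects functions with local arrays or frame address references`. The same bare `3` appears in the toplev.c hunk in process_options, so the two have to be kept in step by hand; a shared named constant, if the tree has one, would avoid that. The -fstack-protector-all entry continues outside the hunk, so its value is not visible here.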
diff --git a/gnu/gcc/gcc/toplev.c b/gnu/gcc/gcc/toplev.c
index 5d438e0de27..ae2185c0b18 100644
--- a/gnu/gcc/gcc/toplev.c
+++ b/gnu/gcc/gcc/toplev.c
@@ -1834,7 +1834,7 @@ process_options (void)
/* Targets must be able to place spill slots at lower addresses. If the
target already uses a soft frame pointer, the transition is trivial. */
if (flag_stack_protect == -1)
- flag_stack_protect = FRAME_GROWS_DOWNWARD ? 1 : 0;
+ flag_stack_protect = FRAME_GROWS_DOWNWARD ? 3 : 0;
if (!FRAME_GROWS_DOWNWARD && flag_stack_protect)
{
warning (0, "-fstack-protector not supported for this target");
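Review bot: With the default and the option value both moved to 3, no path visible here still sets flag_stack_protect to 1, and this commit touches only two files, so the code that decides which functions receive a canary is not shown. Any existing test written as `flag_stack_protect == 1` would stop matching under the new default and could leave functions unprotected without a diagnostic; those sites should be checked, presumably in the stack-protector expansion code. A short comment on the assignment would also help, e.g. `/* 3: also protect functions with local arrays or frame address references. */`. process_options begins and ends outside the hunk.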