Hi,
What is the rationale for why CC_STACKPROTECTOR_ALL is forced when using
CC_STACKPROTECTOR? I would have expected _ALL to be a separate option
(as it was in earlier versions), but it seems it is forced on by commit
113c5413cf9051cc50b88befdc42e3402bb92115.
Thanks,
-Kees
--
Kees Cook
Ubuntu Security Team
* Kees Cook <[email protected]> wrote:
> Hi,
>
> What is the rationale for why CC_STACKPROTECTOR_ALL is forced when
> using CC_STACKPROTECTOR? I would have expected _ALL to be a
> separate option (as it was in earlier versions), but it seems it
> is forced on by commit 113c5413cf9051cc50b88befdc42e3402bb92115.
it used to be a separate option. I merged them into one, because we
had too many options really, and because the vmsplice exploit would
only have been caught by the _ALL variant. So the 'light' variant
never really worked well IMO.
Ingo