| Summary: | sys-libs/glibc: Always enable stack guard randomization | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Arfrever Frehtes Taifersar Arahesis <arfrever.fta> |
| Component: | Current packages | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

commit 28ec20d517e494deed48497b1c478f5bd4dff1a6
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Date: Wed Jun 14 17:00:32 2017 +0200

    toolchain-glibc.eclass: Always enable stack guard randomization (bug #621742).

    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

I suggest that stack guard randomization be always enabled, instead of only in hardened systems. I have been using sys-libs/glibc built with stack guard randomization enabled on a non-hardened system for 4 months without any problems. The "hardened" USE flag of sys-libs/glibc is currently masked in non-hardened profiles.

--- eclass/toolchain-glibc.eclass +++ eclass/toolchain-glibc.eclass @@ -780,7 +780,7 @@ [[ -d ports ]] && addons+=",ports" popd > /dev/null - myconf+=( $(use_enable hardened stackguard-randomization) ) + myconf+=( --enable-stackguard-randomization ) if has_version '<sys-libs/glibc-2.13' ; then myconf+=( --enable-old-ssp-compat ) fi
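
Review bot: The new line `myconf+=( --enable-stackguard-randomization )` hard-codes the option with no comment saying why it is no longer tied to the `hardened` USE flag; a one-line comment above it that mentions bug #621742 would keep a later reader from restoring the `use_enable hardened` form. The option is also now passed on every path through this code, while the very next line still gates `--enable-old-ssp-compat` behind `has_version '<sys-libs/glibc-2.13'`, so it is worth confirming that the oldest glibc this eclass still builds accepts the option, and noting in the commit message that users lose the ability to turn it off through USE.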