|
|
@@ -241,7 +241,8 @@ glibc 2.16 and later.
|
|
|
.B stackprotector
|
|
|
This setting (enabled by default) adds
|
|
|
.B \-fstack-protector \-\-param=ssp\-buffer\-size=4
|
|
|
-to \fBCFLAGS\fP and \fBCXXFLAGS\fP. This adds safety checks against stack
|
|
|
+to \fBCFLAGS\fP, \fBCXXFLAGS\fP, \fBGCJFLAGS\fP and \fBFFLAGS\fP.
|
|
|
+This adds safety checks against stack
|
|
|
overwrites. This renders many potential code injection attacks into
|
|
|
aborting situations. In the best case this turns code injection
|
|
|
vulnerabilities into denial of service or into non-issues (depending on
|
|
|
@@ -271,8 +272,9 @@ above). The option cannot become enabled if \fBrelro\fP is not enabled.
|
|
|
.
|
|
|
.TP
|
|
|
.B pie
|
|
|
-This setting (disabled by default) adds \fB\-fPIE\fP to \fBCFLAGS\fP and
|
|
|
-\fBCXXFLAGS\fP, and \fB\-fPIE \-pie\fP to \fBLDFLAGS\fP. Position Independent
|
|
|
+This setting (disabled by default) adds \fB\-fPIE\fP to \fBCFLAGS\fP,
|
|
|
+\fBCXXFLAGS\fP, \fBGCJFLAGS\fP and \fBFFLAGS\fP,
|
|
|
+and \fB\-fPIE \-pie\fP to \fBLDFLAGS\fP. Position Independent
|
|
|
Executable are needed to take advantage of Address Space Layout
|
|
|
Randomization, supported by some kernel versions. While ASLR can already
|
|
|
be enforced for data areas in the stack and heap (brk and mmap), the code
|