1. 14 Feb, 2008 1 commit
    • Sam Ravnborg's avatar
      kbuild: allow -fstack-protector to take effect · e06b8b98
      Sam Ravnborg authored
      Arjan van de Ven <arjan@infradead.org> wrote:
      ===
      I just read the excellent LWN writeup of the vmsplice
      security thing, and that got me wondering why this attack
      wasn't stopped by the CONFIG_CC_STACKPROTECTOR option...
      because it plain should have been...
      
      Some analysis later.. it turns out that the following line
      in the top level Makefile, added by you in October 2007,
      entirely disables CONFIG_CC_STACKPROTECTOR ;(
      With this line removed the exploit will be nicely stopped.
      
      CFLAGS          += $(call cc-option, -fno-stack-protector)
      
      Now I realize that certain distros have patched gcc to
      compensate for their lack of distro wide CFLAGS, and it's
      great to work around that... but would there be a way to NOT
      disable this for CONFIG_CC_STACKPROTECTOR please?
      It would have made this exploit not possible for those kernels
      that enable this feature (and that includes distros like Fedora)
      ===
      
      Move the assignment to KBUILD_CFLAGS up before including
      the arch specific Makefile so arch makefiles may override
      the setting.
      Signed-off-by: default avatarSam Ravnborg <sam@ravnborg.org>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: stable@kernel.org
      e06b8b98
  2. 13 Feb, 2008 24 commits
  3. 12 Feb, 2008 10 commits
  4. 11 Feb, 2008 5 commits