]> git.ipfire.org Git - ipfire-2.x.git/commit
projects / ipfire-2.x.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 854df4d) | patch
make.sh: Enable -fstack-clash-protection for x86_64/aarch64
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 14 Aug 2020 16:22:55 +0000 (16:22 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 16 Aug 2020 10:29:43 +0000 (10:29 +0000)
commit87f3b1e5682dbf13c9e2203ade95b55cbc91c626
tree70a615d186c5aa07dc7f014ec0797783c7df1eeetree | snapshot
parent854df4df81a435341d69761feb60c379e5e63cc4commit | diff
make.sh: Enable -fstack-clash-protection for x86_64/aarch64

This patch turns on instrumentation to avoid skipping the guard page
in large stack frames.

Without this flag, vulnerabilities can result in where the stack
overlaps with the heap, or thread stacks spill into other regions
of memory.

This flag in only available on x86_64 and aarch64.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
make.sh diff | blob | blame | history
IPFire 2.x development tree