DragonFly kernel List (threaded) for 2003-12
Re: propolice for GCC?
> It is a modification of gcc, not stack protection built into the kernel.
> That's just showing the symbol inside the kernel binary, thus showing
> that the kernel was compiled with gcc that had the propolice modification.
> I can't think of any benefit from compiling the kernel with propolice,
> from compiling userland items and libraries with it. I think it would be ok
> to build world with it by default but not on by default for everything else.
Why not have propolice build the kernel as well? If it catches a stack
overflow propolice should shut it down with the handler. This should
protect against LKM stack exploits (unless I'm really missing something
which would not be unusual :-)
> Since a new gcc is in the pipeline for the next few months has anyone
> looked at adding these patches to gcc-3.3 or 3.4?
Yes, there are 3.3 patches available as well.