Stack Smashing Protection - are we obsolete?

Arkadiusz Miśkiewicz arekm at
Fri Sep 18 21:57:46 CEST 2015

On Friday 18 of September 2015, Tomasz Pala wrote:
> I've been searching this for an hour now but can't find any discussion on
> this - why do we have (rpm/
> %_ssp_cflags	-fstack-protector --param=ssp-buffer-size=4
> instead superior -fstack-protector-strong which seems to be taken as
> default in many distros, even on gcc level?

Looks like our version was used by distros back then... I have no problems 
with switching to -fstack-protector-strong.
"Prior to GCC 4.9, `-fstack-protector --param ssp-buffer-size=4' is used to 
cover functions that defines a 4 or more byte local character array, which is 
an okay balance for security and performance. For those who want to protect 
all the functions then -fstack-protector-all is recommended.

Since GCC 4.9, -fstack-protector-strong, an improved version of -fstack-
protector is introduced, which covers all the more paranoid conditions that 
might lead to a stack overflow but not trade performance like -fstack-
protector-all, thus it becomes default."

Arkadiusz Miśkiewicz, arekm / ( | )

More information about the pld-devel-en mailing list