[patch 2/5] Add the Kconfig option for the stackprotector feature

From: Arjan van de Ven
Date: Fri Jul 28 2006 - 12:05:31 EST

Subject: [patch 2/5] Add the Kconfig option for the stackprotector feature
From: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>

This patch adds the config options for -fstack-protector.

Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
CC: Andi Kleen <ak@xxxxxxx>

arch/x86_64/Kconfig | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)

Index: linux-2.6.18-rc2-git5-stackprot/arch/x86_64/Kconfig
--- linux-2.6.18-rc2-git5-stackprot.orig/arch/x86_64/Kconfig
+++ linux-2.6.18-rc2-git5-stackprot/arch/x86_64/Kconfig
@@ -522,6 +522,31 @@ config SECCOMP

If unsure, say Y. Only embedded should say N here.

+ bool "Enable -fstack-protector buffer overflow detection (EXPRIMENTAL)"
+ depends on EXPERIMENTAL
+ default n
+ help
+ This option turns on the -fstack-protector GCC feature that is new
+ in GCC version 4.1. This feature puts, at the beginning of
+ critical functions, a canary value on the stack just before the return
+ address, and validates the value just before actually returning.
+ Stack based buffer overflows that need to overwrite this return
+ address now also overwrite the canary, which gets detected.
+ This feature requires gcc version 4.2 or above, or a distribution
+ gcc with the feature backported. For older gcc versions, this is a NOP.
+ bool "Use stack-protector for all functions"
+ default n
+ help
+ Normally, GCC only inserts the canary value protection for
+ functions that use large-ish on-stack buffers. By enabling
+ this option, GCC will be asked to do this for ALL functions.
source kernel/Kconfig.hz

config REORDER

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/