[ubuntu-hardened] [16.04 LTS] Why Linux kernel is compiled using "-fstack-protector-all" option, instead of previously used "strong" variant?

daniel curtis sidetripping at gmail.com
Wed Sep 27 15:07:09 UTC 2017


Hello Mr Steve

>> (...) I hope this clarifies things.

Wow, this is an amazing answer! Thank You very much. So can I say, that
everything is OK and each mentioned kernels were built, compiled with
'-fstack-protector-strong' option and that you're "not quite sure why it's
not affecting the entire kernel build"? One more time, to be 100 % sure:
'-strong' variant was used, even if the build logs shows '-all'?

I mean the whole things, mentioned by you in your answer and: "that appears
to be the source of the new '-fstack-protector-all' messages in the build
log" etc. Or just maybe, I'm wrong and I didn't understand it well? If so -
I'm sorry.

Indeed, in a kernel config file, there are options related to the
'fstack-protector' (CONFIG_CC_STACKPROTECTOR_STRONG - just as an example.)
However, this time it's the latest proposed (for now) kernel v4.4.0-97.120
(which is a quite big update by the way) and - as before - built logs for
i386 and amd64 architectures contains: '-fstack-protector-all' option.


Once again: thank you both. Best regards.
.
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20170927/80049f71/attachment.html>


More information about the ubuntu-hardened mailing list