authorRobin Gloster <mail@glob.in>2016-02-22 00:33:01 +0000
committerRobin Gloster <mail@glob.in>2016-02-22 00:33:01 +0000
commitfda63b8b579aff758ae92e7e1a65a5a480231c6b (patch)
tree5ffece42290b5d2fea503b9d37295d628ef71005 /doc
parent911d22f88dd4b24230caa120cdaf8b02cf0eb427 (diff)
nixpkgs docs: stackprotector hardening
Diffstat (limited to 'doc')
-rw-r--r--doc/stdenv.xml16
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index 0c2bb0339578..51a27dcdbc08 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1342,6 +1342,22 @@ in the default system locations.</para>
 cc1plus: some warnings being treated as errors
     </programlisting></listitem>
   </varlistentry>
+
+  <varlistentry>
+    <term><varname>hardening_stackprotector</varname></term>
+    <listitem><para>Adds the <option>-fstack-protector-strong</option>
+    compiler options. This adds safety checks against stack overwrites
+    rendering many potential code injection attacks into aborting situations.
+    In the best case this turns code injection vulnerabilities into denial
+    of service or into non-issues (depending on the application).</para>
+
+    <para>This needs to be turned off or fixed for errors similar to:</para>
+
+    <programlisting>
+bin/blib.a(bios_console.o): In function `bios_handle_cup':
+/tmp/nix-build-ipxe-20141124-5cbdc41.drv-0/ipxe-5cbdc41/src/arch/i386/firmware/pcbios/bios_console.c:86: undefined reference to `__stack_chk_fail'
+    </programlisting></listitem>
+  </varlistentry>
 </variablelist>
 </section>