robert at linuxfromscratch.org
Wed Jul 5 22:37:14 PDT 2006
I have modified the specs_x86 patch to do a check for __stack_chk_. It
compiles conftest.c linked to --with-dynamic-linker, then readelf's conftest
for the name of libc.so, then objdump libc.so and look for __stack_chk_. I
only tested on glibc, but it should work with uClibc.
uClibc-0.9.28's issues with gcc-4.1 may not be -fstack-protector. I currently
suspect its -fpic passed to executables. Or both. I had -fstack-protector
with uClibc-0.9.28 working fine until I used -fpic in the gcc specs file.
I'm also reconsidering the cross compiling, it may not be needed.
And later on, I'm considering building all suid programs with libmudflap for
maximum protection. Most suid programs have a finite runtime. With libmudflap
they will run slower but for suid's it's worth it.
More information about the hlfs-dev