[Commotion-dev] Stack Smashing Protection on OpenWRT
L. Aaron Kaplan
aaron at lo-res.org
Sat Feb 8 09:50:13 UTC 2014
On Feb 7, 2014, at 10:11 PM, Andrew Reynolds <andrew at opentechinstitute.org> wrote:
> On 02/07/2014 03:29 PM, L. Aaron Kaplan wrote:
>> On Feb 7, 2014, at 5:26 PM, Andrew Reynolds <andrew at opentechinstitute.org> wrote:
>>> Does anyone have experience with OpenWRT's stack smashing protection
>>> toolchain option? I've been trying to compile Commotion with SSP and
>>> haven't had any luck.
>>
>> Yup! I regularly have the very same issue with that in the openwrt build system.
>> Seems like it is not very well tested by developers. But IMHO that should be highly used.
>
> Well that's not the answer I was hoping for :)
sorry :)
>
> For what it's worth, I did just come across a separate toolchain config
> file containing the line "UCLIBC_HAS_SSP is not set".
>
> Running "make menuconfig" in the toolchain directory
> (<buildroot>/build_dir/toolchain-mips_r2_gcc-4.6-linaro_uClibc-0.9.33.2/uClibc-0.9.33.2/
> on our system) brought up a whole new set of features, including the
> option to pass -fstack-protector.
>
> It looks like this menu is not accessible until AFTER you've built the
> toolchain. It also passes the very conservative stack-protector, not
> stack-protector-all or stack-protector-strong.
>
> Hopefully this will do the trick.
Yeah. Let me know if it works. I have tried a couple of times and something always broke in my build process.
But again, that's some time ago when I tried it.
a.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.chambana.net/pipermail/commotion-dev/attachments/20140208/2f46f8ed/attachment.sig>
More information about the Commotion-dev
mailing list