1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
Index: gcc/doc/invoke.texi
===================================================================
RCS file: /cvsroot/gcc/gcc/gcc/doc/invoke.texi,v
retrieving revision 1.364
diff -c -3 -p -r1.364 invoke.texi
*** gcc/doc/invoke.texi 21 Nov 2003 11:42:58 -0000 1.364
--- gcc/doc/invoke.texi 22 Nov 2003 08:12:35 -0000
*************** in the following sections.
*** 228,234 ****
-Wno-multichar -Wnonnull -Wpacked -Wpadded @gol
-Wparentheses -Wpointer-arith -Wredundant-decls @gol
-Wreturn-type -Wsequence-point -Wshadow @gol
! -Wsign-compare -Wstrict-aliasing @gol
-Wswitch -Wswitch-default -Wswitch-enum @gol
-Wsystem-headers -Wtrigraphs -Wundef -Wuninitialized @gol
-Wunknown-pragmas -Wunreachable-code @gol
--- 228,234 ----
-Wno-multichar -Wnonnull -Wpacked -Wpadded @gol
-Wparentheses -Wpointer-arith -Wredundant-decls @gol
-Wreturn-type -Wsequence-point -Wshadow @gol
! -Wsign-compare -Wstack-protector -Wstrict-aliasing @gol
-Wswitch -Wswitch-default -Wswitch-enum @gol
-Wsystem-headers -Wtrigraphs -Wundef -Wuninitialized @gol
-Wunknown-pragmas -Wunreachable-code @gol
*************** in the following sections.
*** 681,686 ****
--- 681,687 ----
-fshort-double -fshort-wchar @gol
-fverbose-asm -fpack-struct -fstack-check @gol
-fstack-limit-register=@var{reg} -fstack-limit-symbol=@var{sym} @gol
+ -fstack-protector -fstack-protector-all @gol
-fargument-alias -fargument-noalias @gol
-fargument-noalias-global -fleading-underscore @gol
-ftls-model=@var{model} @gol
*************** effectively. Often, the problem is that
*** 3014,3019 ****
--- 3015,3024 ----
complex; GCC will refuse to optimize programs when the optimization
itself is likely to take inordinate amounts of time.
+ @item -Wstack-protector
+ @opindex Wstack-protector
+ Warn when not issuing stack smashing protection for some reason
+
@item -Werror
@opindex Werror
Make all warnings into errors.
*************** and grows downwards, you can use the fla
*** 11474,11479 ****
--- 11479,11502 ----
@option{-fstack-limit-symbol=__stack_limit} and
@option{-Wl,--defsym,__stack_limit=0x7ffe0000} to enforce a stack limit
of 128KB@. Note that this may only work with the GNU linker.
+
+ @item -fstack-protector
+ @item -fstack-protector-all
+ @opindex fstack-protector
+ @opindex fstack-protector-all
+ @opindex fno-stack-protector
+ Generate code to protect an application from a stack smashing
+ attack. The features are (1) the insertion of random value next to the
+ frame pointer to detect the integrity of the stack, (2) the reordering
+ of local variables to place buffers after pointers to avoid the
+ corruption of pointers that could be used to further corrupt arbitrary
+ memory locations, (3) the copying of pointers in function arguments to
+ an area preceding local variable buffers to prevent the corruption of
+ pointers that could be used to further corrupt arbitrary memory
+ locations, and the (4) omission of instrumentation code from some
+ functions to decrease the performance overhead. If the integrity
+ would be broken, the program is aborted. If no-stack-protector is
+ specified, instrumentation codes are generated at every functions.
@cindex aliasing of parameters
@cindex parameters, aliased
|
