Control: severity -1 important Control: tag -1 confirmed On Sun, 2014-08-03 at 11:42 +0200, Laurent Bonnaud wrote: > Package: linux > Version: 3.14.13-2 > Severity: wishlist > > > Hi, > > the Linux kernel in Debian is currently not protected against stack attacks: > > $ grep STACKPROTECTOR /boot/config-3.14-2-amd64 > CONFIG_HAVE_CC_STACKPROTECTOR=y > # CONFIG_CC_STACKPROTECTOR is not set > CONFIG_CC_STACKPROTECTOR_NONE=y > # CONFIG_CC_STACKPROTECTOR_REGULAR is not set > # CONFIG_CC_STACKPROTECTOR_STRONG is not set > > Here is a good reference on the topic: > > https://lkml.org/lkml/2013/12/20/180 > > So could you please activate one of those options ? > > CONFIG_CC_STACKPROTECTOR_REGULAR can be activated now with gcc 4.8. > CONFIG_CC_STACKPROTECTOR_STRONG can be activated once gcc 4.9 is used > the compile the kernel. This is a regression in 3.14 - we try to enable the old option (CONFIG_CC_STACKPROTECTOR) but it can no longer be set directly. Ben. -- Ben Hutchings Kids! Bringing about Armageddon can be dangerous. Do not attempt it in your own home. - Terry Pratchett and Neil Gaiman, `Good Omens'
Attachment:
signature.asc
Description: This is a digitally signed message part