[PATCH libevdev 2/2] Reintroduce -fstack-protector

Colin Walters walters at verbum.org
Fri Sep 13 08:00:02 PDT 2013


On Fri, 2013-09-13 at 11:43 +0200, Giovanni Campagna wrote:

> I must say, I don't know why it would fail (libssp appears to be
> enabled in the build configuration!) or why it would fail for libevdev
> and not for systemd.
> CCing Colin, who is maintaining the ostree build and probably knows more.
                                      ^ gnome-continuous now

So from what I can tell the stack protector really needs the entire
system to be consistently compiled with it.

At a high level, I think components (git repositories) should feel free
to set up default warning flags and possibly use a targeted subset of
-Werror=foo.  But please don't inject non-warning flags like this unless
there is a very good reason.

The right way to do -fstack-protector is to have something like
redhat-rpm-config or other global CFLAGS system controlling *all*
components.

If for example I wanted to disable the stack protector to debug
something, it becomes really tedious to track down which components have
-fstack-protector in their default configure.ac.

If you want it on as a developer just running "configure/make" manually,
it's pretty easy to make your own shell script alias that does:
env NOCONFIGURE=1 ./autogen.sh ; env CFLAGS='-fstack-protector-all -Wall
-Werror' ./configure --prefix=...

gnome-continuous is carrying patches to remove it from SPICE for this
reason.

...

Ok so I just debugged this, the reason it's failing is because tools/ is
not using -fstack-protector.  Patch attached.

But please also consider dropping it per my rationale above.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-build-Also-honor-CFLAGS-in-tools.patch
Type: text/x-patch
Size: 691 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/input-tools/attachments/20130913/d453ec20/attachment.bin>


More information about the Input-tools mailing list