[695333 views]

[]

[toggle ads]

Odi's astoundingly incomplete notes

New entries | Code

fix Stack Clash on Gentoo

The Stack Clash class of bugs can be easily prevented on Gentoo.

1. Add -fstack-check to your CFLAGS. It instructs the compiler to touch every page when extending the stack by more than one page. So the kernel will trap in the guard page. This even makes the larger stack gap in recent kernels unnecessary (if you don't run other binaries)

/etc/portage/make.conf:
CFLAGS="-march=native -O2 -pipe -fstack-check"

2. Recompile important libraries (like openssl) and programs (setuid root binaries in shadow and util-linux) or simply everything: emerge -ae world

As always, keep your system uptodate regularly: emerge -uavD world

posted on 2017-06-27 15:15 CEST in Code | 0 comments | permalink