From: Linus Torvalds Date: Fri, 22 Feb 2008 16:21:38 +0000 (-0800) Subject: Mark CC_STACKPROTECTOR as being BROKEN X-Git-Tag: v2.6.25-rc3~89 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c020a99e058cdfc3a073cbfbfcc6ff55d3bfc43;p=linux-2.6 Mark CC_STACKPROTECTOR as being BROKEN It's always been broken, but recent fixes actually made it do something, and now the brokenness shows up as the resulting kernel simply not working at all. So it used to be that you could enable this config option, and it just didn't do anything. Now we'd better stop people from enabling it by mistake, since it _does_ do something, but does it so badly as to be unusable. Code to actually make it work is pending, but incomplete and won't be merged into 2.6.25 in any case. Acked-by: Arjan van de Ven Acked-by: Sam Ravnborg Cc: James Morris Cc: Ingo Molnar Signed-off-by: Linus Torvalds --- diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 3be2305709..4a88cf7695 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1054,7 +1054,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" - depends on X86_64 && EXPERIMENTAL + depends on X86_64 && EXPERIMENTAL && BROKEN help This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of critical functions, a canary