[2/4] configure: Default --enable-stack-protector to strong

Message ID 20230629184156.2789945-3-siddhesh@sourceware.org
State New
Series Update default build configuration

Commit Message

Siddhesh Poyarekar June 29, 2023, 6:41 p.m. UTC
All major distributions use this level of stack protector, so make it
the default.

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 INSTALL             | 3 ++-
 NEWS                | 4 ++++
 configure           | 2 +-
 configure.ac        | 2 +-
 manual/install.texi | 3 ++-
 5 files changed, 10 insertions(+), 4 deletions(-)

Patch

diff --git a/INSTALL b/INSTALL
index a1e189eb9f..f02358e933 100644
--- a/INSTALL
+++ b/INSTALL
@@ -196,13 +196,14 @@  if ‘CFLAGS’ is specified it must enable optimization.  For example:
 ‘--enable-stack-protector’
 ‘--enable-stack-protector=strong’
 ‘--enable-stack-protector=all’
+‘--enable-stack-protector=no’
      Compile the C library and all other parts of the glibc package
      (including the threading and math libraries, NSS modules, and
      transliteration modules) using the GCC ‘-fstack-protector’,
      ‘-fstack-protector-strong’ or ‘-fstack-protector-all’ options to
      detect stack overruns.  Only the dynamic linker and a small number
      of routines called directly from assembler are excluded from this
-     protection.
+     protection.  This option is enabled by default and set to ‘strong’.
 
 ‘--enable-bind-now’
      Disable lazy binding for installed shared objects and programs.
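Review bot: The new ‘--enable-stack-protector=no’ entry is added to the option list, but the paragraph under it still describes only the three GCC options that turn protection on, so a reader is never told what ‘no’ does. Suggest adding a sentence next to the new "enabled by default" text, for example "Use ‘--enable-stack-protector=no’ to build without stack protection."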
diff --git a/NEWS b/NEWS
index 709ee40e50..47ec0b741c 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,10 @@  Major new features:
 * The strlcpy and strlcat functions have been added.  They are derived
   from OpenBSD, and are expected to be added to a future POSIX version.
 
+* The GNU C Library is now built with -fstack-protector-strong by
+  default.  This may be overridden by using the --enable-stack-protector
+  configure option.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
 * In the Linux kernel for the hppa/parisc architecture some of the
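Review bot: The new entry says the default "may be overridden by using the --enable-stack-protector configure option" without naming a value. Since the option accepts yes, no, all and strong, spelling out --enable-stack-protector=no here would help builders who need the previous behaviour. It is also worth considering whether a changed build default belongs under "Major new features" or under the "other changes affecting compatibility" heading that follows it.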
diff --git a/configure b/configure
index 11538ee1b3..863621cabf 100755
--- a/configure
+++ b/configure
@@ -4462,7 +4462,7 @@  if test ${enable_stack_protector+y}
 then :
   enableval=$enable_stack_protector; enable_stack_protector=$enableval
 else $as_nop
-  enable_stack_protector=no
+  enable_stack_protector=strong
 fi
 
 case "$enable_stack_protector" in
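Review bot: In the else branch, the fallback for an unspecified option changes from no to strong, so every build that passes no flag now depends on the compiler accepting -fstack-protector-strong. The visible context ends at the case statement, so this hunk does not show whether an unsupported compiler is detected and reported. Please confirm that a default configure run on such a toolchain stops with a clear message rather than failing later at compile time.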
diff --git a/configure.ac b/configure.ac
index 18bb989ade..d85452b3b3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -228,7 +228,7 @@  AC_ARG_ENABLE([stack-protector],
 	      AS_HELP_STRING([--enable-stack-protector=@<:@yes|no|all|strong@:>@],
 			     [Use -fstack-protector[-all|-strong] to detect glibc buffer overflows]),
 	      [enable_stack_protector=$enableval],
-	      [enable_stack_protector=no])
+	      [enable_stack_protector=strong])
 case "$enable_stack_protector" in
 all|yes|no|strong) ;;
 *) AC_MSG_ERROR([Not a valid argument for --enable-stack-protector: "$enable_stack_protector"]);;
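Review bot: The AS_HELP_STRING text still reads --enable-stack-protector=[yes|no|all|strong] with no indication of the default, so the configure help output will not show that the fallback is now strong. Suggest noting the default in the help text, for example by appending "(default: strong)" to the description.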
diff --git a/manual/install.texi b/manual/install.texi
index 52eb2d8a23..b1aa5eb60c 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -222,13 +222,14 @@  time.  Consult the @file{timezone} subdirectory for more details.
 @item --enable-stack-protector
 @itemx --enable-stack-protector=strong
 @itemx --enable-stack-protector=all
+@itemx --enable-stack-protector=no
 Compile the C library and all other parts of the glibc package
 (including the threading and math libraries, NSS modules, and
 transliteration modules) using the GCC @option{-fstack-protector},
 @option{-fstack-protector-strong} or @option{-fstack-protector-all}
 options to detect stack overruns.  Only the dynamic linker and a small
 number of routines called directly from assembler are excluded from this
-protection.
+protection.  This option is enabled by default and set to @option{strong}.
 
 @item --enable-bind-now
 Disable lazy binding for installed shared objects and programs.  This
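Review bot: With the added sentence "enabled by default and set to @option{strong}", the first item, plain --enable-stack-protector, reads as if it matched the default, while the paragraph pairs the items in order with -fstack-protector, -fstack-protector-strong and -fstack-protector-all. If the bare form still selects -fstack-protector, it now gives weaker protection than passing nothing, and the text should say so explicitly. Separately, strong is a value rather than an option, so @samp{strong} may fit better than @option{strong}.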