mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-18 15:56:50 +01:00
3ba99f83a7
Enables previously manually disabled stackprotector and stackguard randomization. From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811: If glibc is built with the --enable-stackguard-randomization option, each application gets a random canary value (at runtime) from /dev/urandom. If --enable-stackguard-randomization is absent, applications get a static canary value of "0xff0a0000". This is very unfortunate, because the attacker may be able to bypass the stack protection mechanism, by placing those 4 bytes in the canary word, before the actual canary check is performed (for example in memcpy-based buffer overflows). |
||
---|---|---|
.. | ||
common.nix | ||
default.nix | ||
dont-use-system-ld-so-cache.patch | ||
dont-use-system-ld-so-preload.patch | ||
fix_path_attribute_in_getconf.patch | ||
glibc-crypt-blowfish.patch | ||
glibc-remove-datetime-from-nscd.patch | ||
info.nix | ||
locales-builder.sh | ||
locales.nix | ||
multi.nix | ||
nix-locale-archive.patch | ||
rpcgen-path.patch |