Bug 12380

Summary: CONFIG_CC_STACKPROTECTOR_STRONG is not enabled on i586-pae
Product: IPFire Reporter: Peter Müller <peter.mueller>
Component: ---Assignee: Peter Müller <peter.mueller>
Status: CLOSED CANTFIX QA Contact: Arne.F <arne.fitzenreiter>
Severity: Security    
Priority: Will affect an average number of users    
Version: 2   
Hardware: i686   
OS: All   
Bug Depends on:    
Bug Blocks: 12361    

Description Peter Müller 2020-04-14 16:06:46 UTC 
This is enabled everywhere else and recommended by the kernsec folks (https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings). In my opinion, this can be safely enabled.
Comment 1 Peter Müller 2020-04-18 08:10:52 UTC 
https://patchwork.ipfire.org/patch/2979/
Comment 2 Arne.F 2020-04-19 14:52:24 UTC 
Stackprotector was set to regular in i586-pae to ensure compatibility with paravirt virtual machines. The kernel crash with stackrotector=strong.
Comment 3 Peter Müller 2020-06-07 16:27:18 UTC 
Okay, so I am closing this as CANTFIX.