12380 – CONFIG_CC_STACKPROTECTOR_STRONG is not enabled on i586-pae

Bug 12380 - CONFIG_CC_STACKPROTECTOR_STRONG is not enabled on i586-pae

Summary: CONFIG_CC_STACKPROTECTOR_STRONG is not enabled on i586-pae

Status:	CLOSED CANTFIX

Alias:	None

Product:	IPFire
Classification:	Unclassified
Component:	--- (show other bugs)
Version:	2
Hardware:	i686 All

Importance:	Will affect an average number of users Security
Assignee:	Peter Müller
QA Contact:	Arne.F

URL:
Keywords:

Depends on:
Blocks:	KERNSEC
	Show dependency tree / graph

Reported:	2020-04-14 16:06 UTC by Peter Müller
Modified:	2020-06-07 16:27 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Peter Müller 2020-04-14 16:06:46 UTC

This is enabled everywhere else and recommended by the kernsec folks (https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings). In my opinion, this can be safely enabled.

Comment 1 Peter Müller 2020-04-18 08:10:52 UTC

https://patchwork.ipfire.org/patch/2979/

Comment 2 Arne.F 2020-04-19 14:52:24 UTC

Stackprotector was set to regular in i586-pae to ensure compatibility with paravirt virtual machines. The kernel crash with stackrotector=strong.

Comment 3 Peter Müller 2020-06-07 16:27:18 UTC

Okay, so I am closing this as CANTFIX.