linux: Enable stack protector

This may prevent exploitation of buffer overflows.
2013-08-01 00:38:54 +02:00 · 2013-08-01 00:38:54 +02:00 · f2f00c56e4
parent c564d012f8
commit f2f00c56e4
1 changed files with 1 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@ -165,6 +165,7 @@ with stdenv.lib;
  STRICT_DEVMEM y # Filter access to /dev/mem
  SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
  DEVKMEM n # Disable /dev/kmem
+  CC_STACKPROTECTOR y # Detect buffer overflows on the stack

  # Misc. options.
  8139TOO_8129 y