> there should be a way of turning these off systematically. the
> advantage of the current hardened gcc specs is that one can switch
> between them using gcc-config. if these are forced on for the default
> profile then there will be no easy way to systematically turn them off.

No - there won't be an easy way for systematically turning off
SSP and PIE in 17.0 profiles [1,2].

The hardened toolchain with its different gcc profiles came from a time
where SSP and PIE were relatively new security features and a certain
amount of fine-grained control was needed. Further, at that time we were
talking about external patches against gcc. Nowadays everything is
upstreamed and (almost) no patches to gcc for hardened profiles are
applied any more.

Given the fact that all major Linux distributions are following the path
of improved default hardening features (see for example [1]) and that we
have been using ssp/pie in hardened profiles for years now, the purpose
of fine-grained control over ssp/pie is also highly questionable.

The consensus at the moment is that PIE and SSP (as well as stricter
linker flags) will soon be standard (or, actually *are* already
standard) compilation options. A per-package override (if absolutely
needed) is fine - and, in fact, already in place everywhere where
needed.

Thus, we should go with the time and simply force these well-tested
hardening features on platforms that support it.

Best,
Matthias

[1] for amd64/x86 and well supported profiles

[2] there is always the possibility to override forced use flags

[1] https://wiki.debian.org/Hardening/PIEByDefaultTransition
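Once PIE and SSP are forced on by the profile, the practical question is whether a given installed binary actually got them. The checker below is an added example (not code from the thread or from Gentoo): it reads the ELF header and section table directly, the way `checksec`-style tools do, and assumes ELF64 little-endian input (amd64); `build_sample_elf` constructs a header-only stub as sample input and is not a real binary.

```python
import struct

ET_EXEC, ET_DYN = 2, 3  # e_type values; PIE executables are ET_DYN

def parse_sections(data):
    """Return {section name: raw bytes} for an ELF64 little-endian image."""
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    # Elf64_Shdr: name type flags addr offset size link info addralign entsize
    hdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
            for i in range(e_shnum)]
    so, ss = hdrs[e_shstrndx][4], hdrs[e_shstrndx][5]
    shstr = data[so:so + ss]
    return {shstr[h[0]:shstr.index(b"\0", h[0])].decode(): data[h[4]:h[4] + h[5]]
            for h in hdrs}

def check_hardening(data):
    """Report whether an ELF64 LE image is a PIE and whether it uses SSP."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected an ELF64 little-endian image")
    e_type, = struct.unpack_from("<H", data, 0x10)
    secs = parse_sections(data)
    return {
        # A shared library is ET_DYN too; the presence of .interp (the
        # dynamic loader path) is what marks an ET_DYN file as an executable.
        "pie": e_type == ET_DYN and ".interp" in secs,
        # -fstack-protector* makes the binary import __stack_chk_fail from libc.
        "ssp": b"__stack_chk_fail\0" in secs.get(".dynstr", b""),
    }

def build_sample_elf(pie, ssp):
    """Constructed ELF64 stub (headers and string tables only, no code)
    used as sample input; not a real binary."""
    dynstr = b"\0libc.so.6\0" + (b"__stack_chk_fail\0" if ssp else b"")
    interp = b"/lib64/ld-linux-x86-64.so.2\0" if pie else b""
    shstrtab = b"\0.dynstr\0.interp\0.shstrtab\0"
    # (sh_name offset in .shstrtab, sh_type, file offset, size); NULL first
    secs = [(0, 0, 0, 0), (1, 3, 64, len(dynstr))]
    if pie:
        secs.append((9, 1, 64 + len(dynstr), len(interp)))
    secs.append((17, 3, 64 + len(dynstr) + len(interp), len(shstrtab)))
    shoff = 64 + len(dynstr) + len(interp) + len(shstrtab)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN if pie else ET_EXEC, 62, 1, 0, 0, shoff,
        0, 64, 0, 0, 64, len(secs), len(secs) - 1)
    shdrs = b"".join(struct.pack("<IIQQQQIIQQ", n, t, 0, 0, off, sz, 0, 0, 1, 0)
                     for n, t, off, sz in secs)
    return ehdr + dynstr + interp + shstrtab + shdrs
```

Pointing `check_hardening` at the bytes of a real installed binary (for example after a per-package override) shows whether that override actually removed PIE or SSP from the result.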