| 1 |
On Sat, 17 Jun 2017 14:43:24 +0300 |
| 2 |
Andrew Savchenko <bircoph@g.o> wrote: |
| 3 |
|
| 4 |
> On Thu, 15 Jun 2017 19:52:07 -0500 Matthias Maier wrote: |
| 5 |
> > > there should be a way of turning these off systematically. the |
| 6 |
> > > advantage of the current hardened gcc specs is that one can switch |
| 7 |
> > > between them using gcc-config. if these are forced on for the |
| 8 |
> > > default profile then there will be no easy way to systematically |
| 9 |
> > > turn them off. |
| 10 |
> > |
| 11 |
> > No - there won't be an easy way for systematically turning off |
| 12 |
> > SSP and PIE in 17.0 profiles [1,2]. |
| 13 |
> > |
| 14 |
> > The hardened toolchain with its different gcc profiles came from a |
| 15 |
> > time where SSP and PIE were relatively new security features and a |
| 16 |
> > certain amount of fine-grained control was needed. Further, at that |
| 17 |
> > time we were talking about external patches against gcc. Nowadays |
| 18 |
> > everything is upstreamed and (almost) no patches to gcc for |
| 19 |
> > hardened profiles are applied any more. |
| 20 |
> > |
| 21 |
> > Given the fact that all major linux distributions are following the |
| 22 |
> > path of improved default hardening features (see for example [1]) |
| 23 |
> > and that we have been using ssp/pie in hardened profiles for years |
| 24 |
> > now the purpose of fine-grained control over ssp/pie is also highly |
| 25 |
> > questionable. |
| 26 |
> > |
| 27 |
> > The consensus at the moment is that PIE and SSP (as well as stricter |
| 28 |
> > linker flags) will soon be standard (or, actually *are* already |
| 29 |
> > standard) compilation options. A per-package override (if |
| 30 |
> > absoluetely needed) is fine - and, in fact, already in place |
| 31 |
> > everywhere where needed. |
| 32 |
> |
| 33 |
> Gentoo is all about choice, remember? :) |
| 34 |
> |
| 35 |
> It is really good to have them by default, it is bad to force them |
| 36 |
> on everyone. Security is not always of paramount importance |
| 37 |
> comparing to other factors, sometimes performance matters more, |
| 38 |
> e.g. in isolated and restricted non-public HPC environment. |
| 39 |
> |
| 40 |
> PIE, SSP may lead up to 8% of performance loss[1]. The |
| 41 |
> stack-protector (especially stack-protector-all or -strong) may |
| 42 |
> cause even more damage. For compute nodes this may be equivalent to |
| 43 |
> millions USD loss (depends on the system scale of course). |
| 44 |
|
| 45 |
This can probably be fixed by a gcc-config target disabling those as it |
| 46 |
used to be the case on hardened |
Archives