| 1 |
dammit are we over complicating this? |
| 2 |
You guys seem to be hung up on silly USE/FEATURE flag names. |
| 3 |
How about we as Ciaran McCreesh proposed just add it to CFLAGS by |
| 4 |
default and deploy stages in such a manner. |
| 5 |
Solves everything for most cases and leave the option up to the user to |
| 6 |
disable if he/she wants to. |
| 7 |
|
| 8 |
On Thu, 2004-09-23 at 23:21, John Richard Moser wrote: |
| 9 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 10 |
> Hash: SHA1 |
| 11 |
> |
| 12 |
> I'm probably repeting myself here . . .heh. |
| 13 |
> |
| 14 |
> Thierry Carrez wrote: |
| 15 |
> | Thierry Carrez wrote: |
| 16 |
> | |
| 17 |
> | |
| 18 |
> |>Restricting ssp to daemons and +s programs is not very |
| 19 |
> |>useful. |
| 20 |
> | |
| 21 |
> | |
| 22 |
> | Clarifying this : |
| 23 |
> | |
| 24 |
> | SSP is very useful, and it should be used on all executables on a given |
| 25 |
> | machine. I don't think we should only use it to protect daemons and SUID |
| 26 |
> | programs, since a lot of buffer overflows are discovered in client |
| 27 |
> | software and they are also a way of remotely compromising a machine. If |
| 28 |
> | you protect only exposed services, attackers will turn to passive |
| 29 |
> | attacks, like virus images, to always exploit the weakest link. |
| 30 |
> | |
| 31 |
> |
| 32 |
> How about, make.conf default and make.conf.example: |
| 33 |
> |
| 34 |
> # |
| 35 |
> # The "auto-nossp" USE flag will disable -fstack-protector on ebuilds |
| 36 |
> # that take a significant hit from SSP and aren't a major security |
| 37 |
> # threat. Ebuilds that break with SSP will have SSP disabled in all |
| 38 |
> # cases anyway. |
| 39 |
> #USE="X" |
| 40 |
> ... |
| 41 |
> # |
| 42 |
> # For added security, the -fstack-protector flag can be added to prevent |
| 43 |
> # buffer overflow based attacks. -fno-stack-protector will disable this |
| 44 |
> # universally; nothing forces it on. |
| 45 |
> # |
| 46 |
> # Decent examples: |
| 47 |
> #CFLAGS="-march=i686 -O2 -pipe -fstack-protector" |
| 48 |
> #CFLAGS="-mcpu=pentium4 -O3 -pipe -fstack-protector" |
| 49 |
> |
| 50 |
> |
| 51 |
> This solution may have extra perks. As you said, more than just daemon |
| 52 |
> software is affected. Rather than tracking it all down, perhaps simply |
| 53 |
> looking for not-always-great-for-SSP things such as gcc (can you attack |
| 54 |
> gcc anyway? No really, I want to know) and have a USE flag disable SSP |
| 55 |
> for them. |
| 56 |
> |
| 57 |
> Another reason for this route would be that using -fno-stack-protector |
| 58 |
> in CFLAGS would be overriden by builds explicitely enabling |
| 59 |
> - -fstack-protector. Using -fstack-protector in CFLAGS would be overriden |
| 60 |
> by ebuilds explicitely setting -fno-stack-protector. The logical |
| 61 |
> consequences of each (i.e. when -fstack would and wouldn't be applied |
| 62 |
> based on combinations of the user and portage enabling/disabling it) in |
| 63 |
> my eyes seem better with this approach. |
| 64 |
> |
| 65 |
> It all depends on if you want fine control of programs which have SSP, |
| 66 |
> or fine control of programs which don't have SSP. This solution would |
| 67 |
> be the latter, and I think it makes more sense than the original |
| 68 |
> proposal; a wider spread usage of SSP is probably the only way to ensure |
| 69 |
> the best protection. |
| 70 |
> |
| 71 |
> Comments? |
| 72 |
> |
| 73 |
> | -K |
| 74 |
> | |
| 75 |
> | -- |
| 76 |
> | gentoo-dev@g.o mailing list |
| 77 |
> | |
| 78 |
> | |
| 79 |
> |
| 80 |
> - -- |
| 81 |
> All content of all messages exchanged herein are left in the |
| 82 |
> Public Domain, unless otherwise explicitly stated. |
| 83 |
> |
| 84 |
> -----BEGIN PGP SIGNATURE----- |
| 85 |
> Version: GnuPG v1.2.6 (GNU/Linux) |
| 86 |
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 87 |
> |
| 88 |
> iD8DBQFBU5K8hDd4aOud5P8RAo08AJ4xNx6IkHDjDhQX43sfKNiNJmz10wCfbrM7 |
| 89 |
> eI5ZweX0wl8uG7l0vH3Z+YI= |
| 90 |
> =C/8F |
| 91 |
> -----END PGP SIGNATURE----- |
| 92 |
> |
| 93 |
> -- |
| 94 |
> gentoo-dev@g.o mailing list |
| 95 |
-- |
| 96 |
Ned Ludd <solar@g.o> |
| 97 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |
Archives