Gentoo Archives: gentoo-dev

From: "Rick \\\"Zero_Chaos\\\" Farina" <zerochaos@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.
Date: Fri, 10 Jan 2014 18:37:00
In Reply to: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes. by Ryan Hill
2 Hash: SHA1
4 On 01/10/2014 10:50 AM, Ryan Hill wrote:
5 > On Fri, 10 Jan 2014 01:35:09 -0500
6 > "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote:
7 >
8 >> More to the point, "this specific use flag" appears to have no purpose
9 >> what-so-ever. If a user can do exactly the same with
10 >> CFLAGS=-fno-stack-protector in make.conf, and it would be INSANE for a
11 >> package to dep on gcc[nossp] then this is has got to be one of the most
12 >> useless use flags in gentoo.
13 >
14 > Having slept on it I'm starting to agree. My first argument was that on
15 > hardened ssp is -fstack-protector-all, which is much more expensive, and it
16 > adds -fstack-check and -z,now to the linker by default as well. The pie half
17 > adds -fPIE but also a crtbeginP section for linking static libs with -pie. So
18 > there are situations where you want to disable one or both, if only for
19 > testing. But what I forgot is that hardened installs multiple gcc-config
20 > profiles to switch these out on the fly. So there goes that idea.
21 >
22 > It might be useful to have these flags so we can mask them on archs that don't
23 > support ssp/pie. But that's always been true and it looks like sh is the only
24 > place we've bothered for some reason.
25 >
26 >> Not saying I would block this patch, not saying it has to be this
27 >> second, but I see this use flag as a small example of things in
28 >> toolchain which could probably be cleaned up if fresh eyes were to see
29 >> things.
30 >
31 > Yes, and believe it or not I appreciate the input. I know I'm stubborn as hell
32 > but eventually common sense gets through.
34 Well, that's why I asked for your opinion ;-) Now since I know you have
35 plenty to do I'll leave you with this though bouncing around in there.
36 When you are working on your updates, we would prefer that this "nopie"
37 and "nossp" flags to bye bye. If you REALLY wanted a way to change the
38 gcc profile then do for the normal users what the hardened team does and
39 offer them multiple profiles. Obviously we should involved docs team at
40 that point, but it makes much more sense to "gcc-config 3" than rebuild
41 gcc with a different use flag.
43 Again, doesn't have to be this second, but I want it in your head since
44 I know you are working on this stuff right now.
46 Thanks!
47 Zero
48 >
49 >
52 Version: GnuPG v2.0.22 (GNU/Linux)
53 Comment: Using GnuPG with Thunderbird -
56 FKG0l3MmMr6+2joKkgZSLqVebiTcc8OtCgpk6UJJVEWSpNMWqrjqX5oTkIBAJisr
57 sGUVGJEAyDCCsNJwTtbW/sBKw5r5Xh1zLk92T55YhaWBMTJPc4UzSqhpr+TBZ8wJ
58 T77XOIPtxOdZYjubGqIm4lSWsgT/o0F0S6kge75iYm81omuBtZpAze6ePE2DteTj
59 IinauiMUhqkTYXv6AXdBNv4dDLiInyDrdlUIFbWlawxsx64Wpt77j3jA2fHrRmEf
60 8MPvoRzLpX/7DPMDaS3WyGBVpM8CPNTaxQiXjC+giXNj4jkJyop/m6Q4a00wYvQg
61 C+1o6JMEsYNlrIuSooInFxQ5OqARzna4lFc7Jp6+eMaBE4NhYkPkxJ7KOerD3IvI
62 yW1lSN5gte/zxgm3Ny/96Zw/6+Jx5ffQNc8bCgE2+TxDG0wwB5qZGn/w6dl6gFYX
63 jXD5dFmw3C5T2HhTIZ6j9n8b0MNkT71CzFA2O4EzEyPrI3b8KTmU6PkppT/Vwlo4
64 EHc/EUWdjSCPH/FzzJdcNbFUdvLCigZQqvaggN3Qjh/YyJRECXz6Hy2M8VTOg18a
65 XVE36Z5/DNeobeBQ5XaKLcb5po22wJueJzKFdEK+GaSewzn+FXsNCquVZV9Y3lZC
66 epKNxmbxtX/Uqx8q9+74
67 =++P6
68 -----END PGP SIGNATURE-----