Gentoo Archives: gentoo-dev

From: "Anthony G. Basile" <basile@××××××××××××××.edu>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.
Date: Fri, 10 Jan 2014 20:08:11
Message-Id: 52D05322.4060807@opensource.dyc.edu
In Reply to: [gentoo-dev] Re: [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes. by Ryan Hill
On 01/10/2014 10:50 AM, Ryan Hill wrote:
> On Fri, 10 Jan 2014 01:35:09 -0500
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote:
>
>> More to the point, "this specific use flag" appears to have no purpose
>> whatsoever. If a user can do exactly the same with
>> CFLAGS=-fno-stack-protector in make.conf, and it would be INSANE for a
>> package to dep on gcc[nossp], then this has got to be one of the most
>> useless use flags in gentoo.
>
> Having slept on it I'm starting to agree. My first argument was that on
> hardened ssp is -fstack-protector-all, which is much more expensive, and it
> adds -fstack-check and -z,now to the linker by default as well. The pie half

I'm pretty sure we're not adding -fstack-check unless something has
changed. Where are you seeing that?

The reason I'm concerned is because of situations like bug #471756.
stack-check encumbers a register which in some situations (like the asm
in ffmpeg) can get you into trouble with not enough GENERAL_REGS.

> adds -fPIE but also a crtbeginP section for linking static libs with -pie. So
> there are situations where you want to disable one or both, if only for
> testing. But what I forgot is that hardened installs multiple gcc-config
> profiles to switch these out on the fly. So there goes that idea.
>
> It might be useful to have these flags so we can mask them on archs that don't
> support ssp/pie. But that's always been true and it looks like sh is the only
> place we've bothered for some reason.

Yes please. I had this issue on mips where gcc didn't support ssp for
early versions of gcc 4.x.

>
>> Not saying I would block this patch, not saying it has to be this
>> second, but I see this use flag as a small example of things in
>> toolchain which could probably be cleaned up if fresh eyes were to see
>> things.
>
> Yes, and believe it or not I appreciate the input. I know I'm stubborn as hell
> but eventually common sense gets through.
>

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
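The question the thread keeps returning to is whether a given toolchain emits stack-protector code without being asked, and whether a user's CFLAGS can switch it off again. The probe below is an added example, not code from this thread or from toolchain.eclass; it assumes a POSIX shell, a C compiler reachable as $CC (defaulting to cc) and nm in PATH, and decides by looking for a reference to __stack_chk_fail in the compiled object.

```shell
#!/bin/sh
# Probe whether the C compiler instruments functions with a stack canary.
# A function holding a local char array is the canonical trigger for
# -fstack-protector; -fstack-protector-all instruments every function.
# Either way the object ends up referencing __stack_chk_fail, which is
# what we grep for in the nm output.

CC="${CC:-cc}"   # assumption: the toolchain under test is $CC or cc

# ssp_status FLAGS
#   Compiles a probe with FLAGS and prints:
#     enabled      object references __stack_chk_fail
#     disabled     no such reference (no canary emitted)
#     no-compiler  $CC or nm is not available, so nothing can be said
ssp_status() {
    flags="$1"
    if ! command -v "$CC" >/dev/null 2>&1 || ! command -v nm >/dev/null 2>&1; then
        echo no-compiler
        return 0
    fi
    tmp="$(mktemp -d)" || return 1
    # Constructed probe source: a 64-byte local buffer written by strcpy.
    cat > "$tmp/probe.c" <<'EOF'
#include <string.h>
int probe(const char *s) { char buf[64]; strcpy(buf, s); return buf[0]; }
EOF
    if "$CC" $flags -c "$tmp/probe.c" -o "$tmp/probe.o" 2>/dev/null &&
       nm "$tmp/probe.o" 2>/dev/null | grep -q '__stack_chk_fail'; then
        echo enabled
    else
        echo disabled
    fi
    rm -rf "$tmp"
}

# Stand-alone use: report the compiler default, then both overrides.
if [ "${1:-}" = "--report" ]; then
    echo "default:                $(ssp_status '')"
    echo "-fstack-protector-all:  $(ssp_status '-fstack-protector-all')"
    echo "-fno-stack-protector:   $(ssp_status '-fno-stack-protector')"
fi
```

Run with `--report` to see the three rows; a toolchain that enables ssp by default shows "enabled" on the first row, and the last row confirms that CFLAGS=-fno-stack-protector still turns it off, which is the point Rick makes above.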
