| 1 |
On 01/10/2014 10:50 AM, Ryan Hill wrote: |
| 2 |
> On Fri, 10 Jan 2014 01:35:09 -0500 |
| 3 |
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote: |
| 4 |
> |
| 5 |
>> More to the point, "this specific use flag" appears to have no purpose |
| 6 |
>> what-so-ever. If a user can do exactly the same with |
| 7 |
>> CFLAGS=-fno-stack-protector in make.conf, and it would be INSANE for a |
| 8 |
>> package to dep on gcc[nossp] then this is has got to be one of the most |
| 9 |
>> useless use flags in gentoo. |
| 10 |
> |
| 11 |
> Having slept on it I'm starting to agree. My first argument was that on |
| 12 |
> hardened ssp is -fstack-protector-all, which is much more expensive, and it |
| 13 |
> adds -fstack-check and -z,now to the linker by default as well. The pie half |
| 14 |
|
| 15 |
I'm pretty sure we're not adding -fstack-check unless something has |
| 16 |
changed. Where are you seeing that? |
| 17 |
|
| 18 |
The reason I'm concerned is because of situations like bug #471756. |
| 19 |
stack-check incumbers a register which in some situations (like the asm |
| 20 |
in ffmpeg) can get you into trouble with not enough GENERAL_REGS. |
| 21 |
|
| 22 |
> adds -fPIE but also a crtbeginP section for linking static libs with -pie. So |
| 23 |
> there are situations where you want to disable one or both, if only for |
| 24 |
> testing. But what I forgot is that hardened installs multiple gcc-config |
| 25 |
> profiles to switch these out on the fly. So there goes that idea. |
| 26 |
> |
| 27 |
> It might be useful to have these flags so we can mask them on archs that don't |
| 28 |
> support ssp/pie. But that's always been true and it looks like sh is the only |
| 29 |
> place we've bothered for some reason. |
| 30 |
|
| 31 |
Yes please. I had this issue on mips where gcc didn't support ssp for |
| 32 |
early versions of gcc 4.x. |
| 33 |
|
| 34 |
> |
| 35 |
>> Not saying I would block this patch, not saying it has to be this |
| 36 |
>> second, but I see this use flag as a small example of things in |
| 37 |
>> toolchain which could probably be cleaned up if fresh eyes were to see |
| 38 |
>> things. |
| 39 |
> |
| 40 |
> Yes, and believe it or not I appreciate the input. I know I'm stubborn as hell |
| 41 |
> but eventually common sense gets through. |
| 42 |
> |
| 43 |
> |
| 44 |
|
| 45 |
|
| 46 |
-- |
| 47 |
Anthony G. Basile, Ph. D. |
| 48 |
Chair of Information Technology |
| 49 |
D'Youville College |
| 50 |
Buffalo, NY 14201 |
| 51 |
(716) 829-8197 |
Archives