| 1 |
Ned Ludd posted <1096599618.27475.712.camel@simple>, excerpted below, on |
| 2 |
Thu, 30 Sep 2004 23:00:18 -0400: |
| 3 |
|
| 4 |
> On Sun, 2004-09-26 at 23:52, Duncan wrote: |
| 5 |
> |
| 6 |
[about portage .51's QA Notice: Security risk notice] |
| 7 |
>> |
| 8 |
>> There's simply not enough there to be anything but a [tease] yet it's |
| 9 |
>> labeled security risk. Someone's being *MEAN* with their teasing! =:^\ |
| 10 |
> |
| 11 |
> Sorry about that. This qa notice steams from an internal thread. It was |
| 12 |
> intended for developers to see. I've got an open bug now to change the |
| 13 |
> output of the qa notice. |
| 14 |
|
| 15 |
Thanks. Looking back, it's self-evident that the warning was designed for |
| 16 |
developers, since that's what the other QA notices are. However, that |
| 17 |
wasn't evident to me /before/ someone told me, and in any case, such a |
| 18 |
user-visible label as worded is a bit of needlessly panicking the |
| 19 |
populace, so even with the developer understanding, changing it is a good |
| 20 |
idea. |
| 21 |
|
| 22 |
> The append-ldflags is a function that comes from the flag-o-matic.eclass |
| 23 |
> which is intended for the developer to use to add a string to the |
| 24 |
> packages LDFLAGS. The user interface works just like the CFLAGS |
| 25 |
> counterpart. |
| 26 |
> |
| 27 |
> So for example to make that message go away for crontab as a user you |
| 28 |
> would do LDFLAGS="-Wl,-z,now" emerge virtual/cron |
| 29 |
|
| 30 |
OK. From the other posts and man gcc and man ld I'd figured out what was |
| 31 |
involved there. I've looked at flag-o-matic for cflags so am familiar |
| 32 |
with the idea there, but hadn't paid attention to ldflags and thus didn't |
| 33 |
recognize the append-ldflags from there. Once I'd pieced together what |
| 34 |
the rest did and that append-ldflags wasn't some sort of command I could |
| 35 |
run from the command line or something, I decided it must be the portage |
| 36 |
function (and guessed it was in an eclass but didn't bother to verify). |
| 37 |
Nice to get verification of that and exactly where it is, now. |
| 38 |
|
| 39 |
> The basic idea is rid our tree of setXid executables that have use lazy |
| 40 |
> bindings. Lazy binding themselves present no immediate risk that's been |
| 41 |
> documented. The behavior is just generally discouraged. |
| 42 |
|
| 43 |
OK, from various reading, I understand the (theoretical) worry about lazy |
| 44 |
bindings on setXid executables. Thus, the level of threat is now known |
| 45 |
and can be managed. This is a good thing! <g> |
| 46 |
|
| 47 |
I don't know how the message is being changed, but having this sort of |
| 48 |
info available about it would be nice and would have prevented alarming |
| 49 |
the user (me). <g> Obviously, the message there can't be too verbose. |
| 50 |
Perhaps a pointer to a QASECURITY.README file or a URL with the details? |
| 51 |
|
| 52 |
All I want is to be an informed user, keeping in mind that from |
| 53 |
a Gentoo dev perspective, their "user" is a sysadmin, and needs |
| 54 |
such info, especially about security issues such as this, to properly do |
| 55 |
their job. |
| 56 |
|
| 57 |
IOW, this is basically the same request as I made some months ago about |
| 58 |
changelogs entries denoting keyword removal. When I see an emerge -a with |
| 59 |
a [ UD], I want to know /why/ I'm being asked to downgrade. Is it a |
| 60 |
security issue or just some issue with functionality based on a USE flag I |
| 61 |
don't even have turned on? Since making the request, at least amd64 which |
| 62 |
I follow has been very good at providing this user/sysadmin that info, and |
| 63 |
it's been that much easier to do my job /as/ that sysadmin. |
| 64 |
|
| 65 |
So, I guess I owe both them and now you and the portage team a round of |
| 66 |
thanks for being so responsive. Just another reason my Gentoo choice was |
| 67 |
the RIGHT choice! |
| 68 |
|
| 69 |
> Before you jump into a system-wide deployment of a linker flag be sure |
| 70 |
> you understand what they do. The flag for one is known to slow down |
| 71 |
> program startup. You wont really see it on a small executable but really |
| 72 |
> big c++ app with alot of symbols that also loads alot of libraries you |
| 73 |
> might. On the same token of slowdowns is the runtime speedup you gain |
| 74 |
> because ld.so will already have looked up the entire symbol table. |
| 75 |
|
| 76 |
Thanks for explaining that. I have it on for now, but may consider |
| 77 |
turning it off for stuff like KDE when updates to it come out. |
| 78 |
|
| 79 |
> *mean* -solar |
| 80 |
|
| 81 |
<g> |
| 82 |
|
| 83 |
-- |
| 84 |
Duncan - List replies preferred. No HTML msgs. |
| 85 |
"They that can give up essential liberty to obtain a little |
| 86 |
temporary safety, deserve neither liberty nor safety." -- |
| 87 |
Benjamin Franklin |
| 88 |
|
| 89 |
|
| 90 |
|
| 91 |
-- |
| 92 |
gentoo-dev@g.o mailing list |
Archives