Stephen P. Becker wrote:
|> As someone who is passively absorbing this information, I find your
|> ignorance combined with your claim of being a security expert to
|> indicate that you're full of shit.
|>
|> You've repeatedly referred to the issue of cross-platform portability
|> with SSP in here, for example; and I've pointed out once a link that
|> shows that SSP is OS and CPU independent. Do your research, read what's
|> out there.
|>
|
| So are you then going to test it for us on mips then? "I read it on the
| internet so it must be true" is a *horrible* way to do QA. Mozilla is
| also supposed to be arch neutral. Guess what...it doesn't work on mips.
| Oops! We're a small arch in terms of both devs and users. To my
| knowledge, a full SSP userland has *never* been tested on mips. We are
| spread way too thin currently for such an endeavor.

OK so who has a mips you can test it on?

|
| So then, are you volunteering to build mips stages with SSP to prove
| that it works for certain? We really don't have the manpower to do that
| currently. Are you going to answer to any bug reports we would get if
| this is implemented?
|
| Also, in terms of "researching" this problem, do you realize you just
| told the Gentoo/sparc strategic manager that he doesn't know anything
| about his own arch? "No! you're wrong! SSP does work on your arch!"

"And ssp is supposed to be portable. Etoh and Yoda's paper[1] says that
The IBM stack smash protection method (ProPolice) is CPU and OS
independent[2]. I think that you'd be within reason to complain to them
if it didn't work across all archs."

I never gave you my personal guarantee, I said based on research and on
what the maintainers say, it should; and that if it doesn't then it's
something they (not you) need to fix. I do like to think that people
don't lie about their software, at the very least not intentionally.

Obviously if it breaks on X arch, you disable it there.

| Reminds me of arguments I've had with people that tried to tell me (I'm
| a geologist) the Earth is only 7000 years old because the bible says so.
| I suggest you pull your head out of the collective x86 ass. The
| non-x86 arch teams have enough breakage to deal with without introducing
| another layer of potential brokenness.

I was considering more than x86, else I'd have asked you why the hell it
needs to be cross-arch. I use x86_64 mainly, although I guess that
counts as x86 huh? (the amd64 cabal doesn't seem to agree :>) In this
case the architectural similarities put them in the same class.

Still, I figured they meant "alpha sparc mips arm sh4 windows dos macos
aix unix linux" when they said CPU and OS independent.

|
| I still don't understand why we can't simply place a blurb in the
| install handbook as I suggested before. It is always much easier to add
| something than take it away in this circumstance. If a user *really*
| wants that functionality, they'll add it in. If a user *really* doesn't
| want it, but it is on by default, they will have to rebuild their whole
| userland, which on machines such as those supported by the mips port
| would be *extremely* painful.
|

It's a design decision still. If you supply a non-SSP userland in your
stages, the user has to start from stage 1 (not 2 or 3) to get SSP. If
you supply an SSP userland in the stages, the user has to start from
stage 1 to remove it. The hardened stages come with PIE-SSP, but what
if the user doesn't want a full hardened system (i.e. pie and the
hardened profile)? Obviously you don't want to waste more space on the
mirrors supplying non-ssp/ssp/pie-ssp-selinux stages for each arch.

Why not take a poll of the user base, and ask if SSP should be on by
default or not?

| Steve
|
|

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

--
gentoo-dev@g.o mailing list