Gentoo Archives: gentoo-dev

From: John Richard Moser <nigelenki@×××××××.net>
To: John Richard Moser <nigelenki@×××××××.net>
Cc: gentoo-security@l.g.o, gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Stack smash protected daemons
Date: Sun, 26 Sep 2004 18:39:36
Message-Id: 41570CF7.40105@comcast.net
In Reply to: [gentoo-dev] Stack smash protected daemons by John Richard Moser
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4
5 TIME TO KILL THIS THREAD.
6
7 ~ - Some people think SSP goes everywhere
8 ~ - Some people think SSP is an ugly hack that shouldn't be used
9 ~ - Some people think users don't want SSP
10 ~ - Some people think users don't know about SSP and need education
11 ~ - Some people want to poll the userbase
12
13 I HAVE REACHED A SOLUTION.
14
15
16 Phase 1: Documentation
17
18 On the advice of multiple contributers to this thread, Gentoo should
19 give brief documentation about SSP in the install guide. This would
20 bring SSP to users' attention and allow them to decide if they want to
21 Stage 1 + SSP their system, rather than Stage 2 or 3 or normal Stage 1.
22
23 Such documentation should contain external links to pages about SSP,
24 such as the white paper[1] and the main site[2]; or to the Hardened
25 Gentoo[3] page or documentation on there.
26
27 [1] http://www.trl.ibm.com/projects/security/ssp/main.html
28 [2] http://www.trl.ibm.com/projects/security/ssp/
29 [3] http://hardened.gentoo.org/
30
31 Brief documentation about SSP may be added to make.conf to get the
32 information to current users who won't read the install guide over
33 again. It may also be flashed on screen using 'einfo' after upgrading
34 portage for the next few stable versions; such a message would direct
35 the user to check out the comments in make.conf.example about CFLAGS and
36 - -fstack-protector. This message would of course later be removed when
37 enough of the user base has seen it.
38
39
40 Phase 2: Gather Information
41
42 If SSP becomes popular, then a lot of users will be compiling from Stage
43 1. Because SSP is off by default, Stage 2 and 3 will not be protected.
44
45 The Gentoo developers would need to find out if most users on given
46 archs were using and satisfied with SSP. It would also be important to
47 know if these users were using Stage 1 instead of 2 or 3 for this reason.
48
49 When polling users, remember that NEUTRALS DO NOT COUNT. If you have 20
50 people who don't want SSP, 20 that want it, and 400 that don't care, you
51 have a 50/50 split. Similarly, if you have 35 that want SSP, 5 that
52 don't, and 400 that don't care, you have only 1/8 objection and 7/8 for.
53 ~ It works the other way too.
54
55
56 Phase 3: Deployment
57
58 If the information gathered in (Phase 2) displays that a significant
59 portion of the user base uses SSP, and especially if they forego Stage 2
60 or 3 in favor of Stage 1 just for SSP, then steps to enhance deployment
61 should be taken. Stage 2 and 3 tarballs should be released with
62 - -fstack-protector in CFLAGS, and with all contained, pre-built programs
63 compiled -fstack-protector.
64
65 Non-SSP stages may or may not be phased out eventually if this happens.
66 ~ If this process evolves Gentoo into a state where it is acknowledged
67 that most non-neutral users want SSP, then the non-ssp stages will
68 vanish, and GRP packages may possibly become SSP-enabled as well.
69
70 If the facts show that most people are dissatisfied with or flat out
71 against SSP, then (Phase 3) will never occur.
72
73
74
75 Phase 3 is essentially "giving the users what they want" based on Phase
76 2 ("finding out what the users want"). It's justified because users can
77 still go without SSP if you do this, but it'd be more difficult. You
78 make it *easier* for *most* users to get what they want, but leave it
79 *possible* for the minority to change it back. Which is which is to be
80 determined.
81
82 - --
83 All content of all messages exchanged herein are left in the
84 Public Domain, unless otherwise explicitly stated.
85
86 -----BEGIN PGP SIGNATURE-----
87 Version: GnuPG v1.2.6 (GNU/Linux)
88 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
89
90 iD8DBQFBVwz2hDd4aOud5P8RArKxAJ448lt0j1zL+m0UP++aecvLOXCVZwCgkPT0
91 tPzF+IuxqDOsnwB+/r0ac9E=
92 =dVlM
93 -----END PGP SIGNATURE-----
94
95 --
96 gentoo-dev@g.o mailing list