Ciaran McCreesh wrote:
| On Thu, 23 Sep 2004 16:05:13 +0200 Thierry Carrez <koon@g.o>
| wrote:
| | SSP is very useful, and it should be used on all executables on a
| | given machine. I don't think we should only use it to protect daemons
| | and SUID programs, since a lot of buffer overflows are discovered in
| | client software and they are also a way of remotely compromising a
| | machine. If you protect only exposed services, attackers will turn to
| | passive attacks, like virus images, to always exploit the weakest
| | link.
|
| Ok, so what you're basically saying is that you want a variable which
| enables -fstack-protector for any c executable at a global level. I'd
| like to propose a variable called 'CFLAGS' which can be set in make.conf
| for that kind of thing.
|

http://article.gmane.org/gmane.linux.gentoo.devel/21481

# CPU types supported in gcc-2.95*: k6, i386, i486, i586 (Pentium), i686
# (Pentium Pro), pentium, pentiumpro Gentoo Linux 1.2 and below use
# gcc-2.95*
#
# The security conscious could add -fstack-protector to CFLAGS as well,
# for some added security (see SSPDAEMONS below for FEATURES). This
# should be safe; if something breaks, bug bugs.gentoo.org
#
# Decent examples:

I'll repeat myself this once. . . and yes I'd prefer users to stick it
in CFLAGS.

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
--
gentoo-dev@g.o mailing list