| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
Ciaran McCreesh wrote: |
| 7 |
| On Thu, 23 Sep 2004 16:05:13 +0200 Thierry Carrez <koon@g.o> |
| 8 |
| wrote: |
| 9 |
| | SSP is very useful, and it should be used on all executables on a |
| 10 |
| | given machine. I don't think we should only use it to protect daemons |
| 11 |
| | and SUID programs, since a lot of buffer overflows are discovered in |
| 12 |
| | client software and they are also a way of remotely compromising a |
| 13 |
| | machine. If you protect only exposed services, attackers will turn to |
| 14 |
| | passive attacks, like virus images, to always exploit the weakest |
| 15 |
| | link. |
| 16 |
| |
| 17 |
| Ok, so what you're basically saying is that you want a variable which |
| 18 |
| enables -fstack-protector for any c executable at a global level. I'd |
| 19 |
| like to propose a variable called 'CFLAGS' which can be set in make.conf |
| 20 |
| for that kind of thing. |
| 21 |
| |
| 22 |
|
| 23 |
|
| 24 |
http://article.gmane.org/gmane.linux.gentoo.devel/21481 |
| 25 |
|
| 26 |
# CPU types supported in gcc-2.95*: k6, i386, i486, i586 (Pentium), i686 |
| 27 |
# (Pentium Pro), pentium, pentiumpro Gentoo Linux 1.2 and below use |
| 28 |
# gcc-2.95* |
| 29 |
# |
| 30 |
# The security concious could add -fstack-protector to CFLAGS as well, |
| 31 |
# for some added security (see SSPDAEMONS below for FEATURES). This |
| 32 |
# should be safe; if something breaks, bug bugs.gentoo.org |
| 33 |
# |
| 34 |
# Decent examples: |
| 35 |
|
| 36 |
I'll repete myself this once. . . and yes I'd prefer users to stick it |
| 37 |
in CFLAGS. |
| 38 |
- -- |
| 39 |
All content of all messages exchanged herein are left in the |
| 40 |
Public Domain, unless otherwise explicitly stated. |
| 41 |
|
| 42 |
-----BEGIN PGP SIGNATURE----- |
| 43 |
Version: GnuPG v1.2.6 (GNU/Linux) |
| 44 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 45 |
|
| 46 |
iD8DBQFBUwurhDd4aOud5P8RAuT/AJ9U4Ax7anRWduyLd4z87zw1VvWQUgCgkYQW |
| 47 |
8HC0c1JDRSVp3jg4bAROSZs= |
| 48 |
=k14w |
| 49 |
-----END PGP SIGNATURE----- |
| 50 |
|
| 51 |
-- |
| 52 |
gentoo-dev@g.o mailing list |
Archives