| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 01/09/2014 06:01 PM, Anthony G. Basile wrote: |
| 5 |
> On 01/09/2014 05:21 PM, Michał Górny wrote: |
| 6 |
>> Dnia 2014-01-09, o godz. 17:06:52 |
| 7 |
>> "Anthony G. Basile" <blueness@g.o> napisał(a): |
| 8 |
>> |
| 9 |
>>> On 01/09/2014 04:57 PM, Pacho Ramos wrote: |
| 10 |
>>>> What are the advantages of disabling SSP to deserve that "special" |
| 11 |
>>>> handling via USE flag or easily disabling it appending the flag? |
| 12 |
>>> There are some cases where ssp could break things. I know of once case |
| 13 |
>>> right now, but its somewhat exotic. Also, sometimes we *want* to break |
| 14 |
>>> things for testing. I'm thinking here of instance where we want to test |
| 15 |
>>> a pax hardened kernel to see if it catches abuses of memory which would |
| 16 |
>>> otherwise be caught by executables emitted from a hardened toolchain. |
| 17 |
>>> Take a look at the app-admin/paxtest suite. |
| 18 |
>> Just to be clear, are we talking about potential system-wide breakage |
| 19 |
>> or single, specific packages being broken by SSP? In other words, are |
| 20 |
>> there cases when people will really want to disable SSP completely? |
| 21 |
>> |
| 22 |
>> Unless I'm misunderstanding something, your examples sound like you |
| 23 |
>> just want -fno-stack-protector per-package. I don't really think you |
| 24 |
>> actually want to rebuild whole gcc just to do some testing on a single |
| 25 |
>> package... |
| 26 |
>> |
| 27 |
> Correct, you'd only want to turn off ssp per package and then only in |
| 28 |
> rare cases. You should never have to rebuild gcc for this. With ssp on |
| 29 |
> by default, gcc specs would add -fstack-protector to all builds. If you |
| 30 |
> don't want a package build with ssp, then just do |
| 31 |
> CFLAGS="-fno-stack-protector" and you're building without ssp. |
| 32 |
> |
| 33 |
This reads very much like "the nossp use flag is useless". |
| 34 |
|
| 35 |
Not that Zorry needs to fix that (preexisting and all that) but it |
| 36 |
sounds to me like it's safe to remove these types of use flags from |
| 37 |
toolchain. |
| 38 |
|
| 39 |
I'm really interested in dirtyepic's opinion though... sir? |
| 40 |
|
| 41 |
Thanks, |
| 42 |
Zero |
| 43 |
-----BEGIN PGP SIGNATURE----- |
| 44 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 45 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 46 |
|
| 47 |
iQIcBAEBAgAGBQJSzy0dAAoJEKXdFCfdEflKZJEP/3P/Gq3sD6aB9XDcsLxUAVqC |
| 48 |
vg10PuwhmNpJK6HiYO2F/C5TNv3J+hpkiYPDMgjChOTw+JvqGCeIYYKvKuumtIXV |
| 49 |
fjnHDW9IRD8BGHlNFF9xx3sGV9VMPYDNICkK3oeNQJPlZOVSbnVEWsaTju/CEA7e |
| 50 |
tMkeA93ULed9pSzSZ3OBAIwLH906Kh8hO+o/gcJDyBa9/tJrXKfS+jtd6zTMbVtO |
| 51 |
8ruLjRUDTsYwt61uMFhV7R/eWlSagGIFDGbxop0JyhTZaB+zxvbm8wzmZck4Tc2J |
| 52 |
HFO4A289zFBVZESaDA4SHAYJHQTSMND1fzAB8X4sPEwNebmLwOinneuA7XYVRsHW |
| 53 |
svu/I3tUPjNTKimTSmjMySi7f+3QDYLIxQ8UY0PUCPKjdlNZMQruqCR52lTsjy8F |
| 54 |
n0EpLMqodD61B+aCkkBpdrt1sx/BJ4AISq8R51yiJecujPoSk1oj5gG1aFOPK/mG |
| 55 |
BIQqLL1c6TvbB4ECLVMh6YAfxRKcyCT8tlMZqu2rTRqtxQ+YlUnxwvIQV7ivQ5sL |
| 56 |
M8eC/HjVjd0In9v5GVxePa3NFfwwuswnFipi2mivniajmZYi8M8avSVLpv54Kvi0 |
| 57 |
cAysdf/FP4WA+iVCd5J+MKGygKKSmbyYZ9IHyE4yCyCNK+0+ZZcFm9YNy9nx8rAJ |
| 58 |
4ctTVxoCTtA+B9p3MBnL |
| 59 |
=6a0w |
| 60 |
-----END PGP SIGNATURE----- |
Archives