1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 01/09/2014 06:01 PM, Anthony G. Basile wrote: |
5 |
> On 01/09/2014 05:21 PM, Michał Górny wrote: |
6 |
>> Dnia 2014-01-09, o godz. 17:06:52 |
7 |
>> "Anthony G. Basile" <blueness@g.o> napisał(a): |
8 |
>> |
9 |
>>> On 01/09/2014 04:57 PM, Pacho Ramos wrote: |
10 |
>>>> What are the advantages of disabling SSP to deserve that "special" |
11 |
>>>> handling via USE flag or easily disabling it appending the flag? |
12 |
>>> There are some cases where ssp could break things. I know of once case |
13 |
>>> right now, but its somewhat exotic. Also, sometimes we *want* to break |
14 |
>>> things for testing. I'm thinking here of instance where we want to test |
15 |
>>> a pax hardened kernel to see if it catches abuses of memory which would |
16 |
>>> otherwise be caught by executables emitted from a hardened toolchain. |
17 |
>>> Take a look at the app-admin/paxtest suite. |
18 |
>> Just to be clear, are we talking about potential system-wide breakage |
19 |
>> or single, specific packages being broken by SSP? In other words, are |
20 |
>> there cases when people will really want to disable SSP completely? |
21 |
>> |
22 |
>> Unless I'm misunderstanding something, your examples sound like you |
23 |
>> just want -fno-stack-protector per-package. I don't really think you |
24 |
>> actually want to rebuild whole gcc just to do some testing on a single |
25 |
>> package... |
26 |
>> |
27 |
> Correct, you'd only want to turn off ssp per package and then only in |
28 |
> rare cases. You should never have to rebuild gcc for this. With ssp on |
29 |
> by default, gcc specs would add -fstack-protector to all builds. If you |
30 |
> don't want a package build with ssp, then just do |
31 |
> CFLAGS="-fno-stack-protector" and you're building without ssp. |
32 |
> |
33 |
This reads very much like "the nossp use flag is useless". |
34 |
|
35 |
Not that Zorry needs to fix that (preexisting and all that) but it |
36 |
sounds to me like it's safe to remove these types of use flags from |
37 |
toolchain. |
38 |
|
39 |
I'm really interested in dirtyepic's opinion though... sir? |
40 |
|
41 |
Thanks, |
42 |
Zero |
43 |
-----BEGIN PGP SIGNATURE----- |
44 |
Version: GnuPG v2.0.22 (GNU/Linux) |
45 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
46 |
|
47 |
iQIcBAEBAgAGBQJSzy0dAAoJEKXdFCfdEflKZJEP/3P/Gq3sD6aB9XDcsLxUAVqC |
48 |
vg10PuwhmNpJK6HiYO2F/C5TNv3J+hpkiYPDMgjChOTw+JvqGCeIYYKvKuumtIXV |
49 |
fjnHDW9IRD8BGHlNFF9xx3sGV9VMPYDNICkK3oeNQJPlZOVSbnVEWsaTju/CEA7e |
50 |
tMkeA93ULed9pSzSZ3OBAIwLH906Kh8hO+o/gcJDyBa9/tJrXKfS+jtd6zTMbVtO |
51 |
8ruLjRUDTsYwt61uMFhV7R/eWlSagGIFDGbxop0JyhTZaB+zxvbm8wzmZck4Tc2J |
52 |
HFO4A289zFBVZESaDA4SHAYJHQTSMND1fzAB8X4sPEwNebmLwOinneuA7XYVRsHW |
53 |
svu/I3tUPjNTKimTSmjMySi7f+3QDYLIxQ8UY0PUCPKjdlNZMQruqCR52lTsjy8F |
54 |
n0EpLMqodD61B+aCkkBpdrt1sx/BJ4AISq8R51yiJecujPoSk1oj5gG1aFOPK/mG |
55 |
BIQqLL1c6TvbB4ECLVMh6YAfxRKcyCT8tlMZqu2rTRqtxQ+YlUnxwvIQV7ivQ5sL |
56 |
M8eC/HjVjd0In9v5GVxePa3NFfwwuswnFipi2mivniajmZYi8M8avSVLpv54Kvi0 |
57 |
cAysdf/FP4WA+iVCd5J+MKGygKKSmbyYZ9IHyE4yCyCNK+0+ZZcFm9YNy9nx8rAJ |
58 |
4ctTVxoCTtA+B9p3MBnL |
59 |
=6a0w |
60 |
-----END PGP SIGNATURE----- |