Gentoo Archives: gentoo-dev

From: Rick "Zero_Chaos" Farina <zerochaos@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes.
Date: Thu, 09 Jan 2014 23:13:25
Message-Id: 52CF2D1D.10709@gentoo.org
In Reply to: Re: [gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes. by "Anthony G. Basile"
On 01/09/2014 06:01 PM, Anthony G. Basile wrote:
> On 01/09/2014 05:21 PM, Michał Górny wrote:
>> On 2014-01-09, at 17:06:52,
>> "Anthony G. Basile" <blueness@g.o> wrote:
>>
>>> On 01/09/2014 04:57 PM, Pacho Ramos wrote:
>>>> What are the advantages of disabling SSP to deserve that "special"
>>>> handling via USE flag or easily disabling it by appending the flag?
>>> There are some cases where ssp could break things. I know of one case
>>> right now, but it's somewhat exotic. Also, sometimes we *want* to break
>>> things for testing. I'm thinking here of instances where we want to test
>>> a pax hardened kernel to see if it catches abuses of memory which would
>>> otherwise be caught by executables emitted from a hardened toolchain.
>>> Take a look at the app-admin/paxtest suite.
>> Just to be clear, are we talking about potential system-wide breakage
>> or single, specific packages being broken by SSP? In other words, are
>> there cases when people will really want to disable SSP completely?
>>
>> Unless I'm misunderstanding something, your examples sound like you
>> just want -fno-stack-protector per-package. I don't really think you
>> actually want to rebuild whole gcc just to do some testing on a single
>> package...
>>
> Correct, you'd only want to turn off ssp per package and then only in
> rare cases. You should never have to rebuild gcc for this. With ssp on
> by default, gcc specs would add -fstack-protector to all builds. If you
> don't want a package built with ssp, then just do
> CFLAGS="-fno-stack-protector" and you're building without ssp.
>
This reads very much like "the nossp use flag is useless".

Not that Zorry needs to fix that (preexisting and all that) but it
sounds to me like it's safe to remove these types of use flags from
toolchain.

I'm really interested in dirtyepic's opinion though... sir?

Thanks,
Zero
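The quoted exchange says a default -fstack-protector can be overridden per package by putting -fno-stack-protector in CFLAGS. The script below is an added example, not part of the original thread, that checks which setting actually took effect for a given flag set. It assumes a gcc- or clang-compatible `cc`; the function names `ssp_state` and `ssp_report` and the sample C source are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a given flag set yield stack-protector instrumentation?
# Compiles a constructed test function to assembly and looks for the
# __stack_chk_fail reference that canary-checking code emits.

CC="${CC:-cc}"   # assumption: a gcc- or clang-compatible compiler driver

# ssp_state FLAGS... : prints "ssp" or "no-ssp"; returns 2 if compilation fails
ssp_state() {
    tmp=$(mktemp -d) || return 2
    # Constructed sample: the 64-byte char array makes this function eligible
    # for a canary under plain -fstack-protector (default threshold: 8 bytes).
    cat > "$tmp/t.c" <<'EOF'
#include <stdio.h>
#include <string.h>
void copy_and_print(const char *s) {
    char buf[64];
    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    puts(buf);
}
EOF
    if ! "$CC" -O0 "$@" -S -o "$tmp/t.s" "$tmp/t.c" 2>/dev/null; then
        rm -rf "$tmp"; return 2
    fi
    if grep -q '__stack_chk_fail' "$tmp/t.s"; then
        echo ssp
    else
        echo no-ssp
    fi
    rm -rf "$tmp"
}

# ssp_report: compiler default, explicit on, explicit off, and "on then off",
# the last one modelling a default -fstack-protector followed by a package's CFLAGS.
ssp_report() {
    for flags in "" "-fstack-protector" "-fno-stack-protector" \
                 "-fstack-protector -fno-stack-protector"; do
        # $flags is intentionally unquoted so it splits into separate options
        state=$(ssp_state $flags) || state="compile-failed"
        printf '%-45s %s\n' "${flags:-(compiler default)}" "$state"
    done
}

ssp_report
```

The first row of the report shows whether the installed compiler already enables SSP by default; the last row shows that a later -fno-stack-protector wins over an earlier -fstack-protector.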
