On 09/08/2013 08:06 PM, Ryan Hill wrote:
> On Sat, 07 Sep 2013 19:08:57 -0400
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote:
>
>> Personally I think this would be a great stepping stone. If we add
>> -fstack-protector to 4.8.1 it will improve security (only a little I
>> know) and give us an idea of what issues we may have. After a short
>> enjoyment of fixing any issues which come up we could move to
>> -fstack-protector-strong in 4.9.
>
> Okay it won't be available for 4.8.1. It's going to require a couple minor
> glibc changes and a lot of testing. A bunch of packages stick workarounds
> behind a hardened USE flag or do things like `filter-flags -fstack-protector`
> which don't actually work (we have to patch the compiler, not just add it to
> the default flags in the profiles or something). I need to check the
> interactions with hardened's spec files. And I need to get 4.8.1 out the door
> two weeks ago. Once we fix the fallout from the unmasking I'll get back to this.
>
> I also want to make a comment on the implications of this change that people
> may not have considered. Bugs caused by -fstack-protector can no longer be
> just dismissed as unsupported, invalid, or assigned to the hardened team and
> forgotten about. You will be expected to fix them, and `append-flags
> -fno-stack-protector` is not an acceptable fix. You can't champion for more
> secure defaults and then just disable them when they get in your way.
>
> So does anyone have any objections to making -fstack-protector the default?
> Now is the time to speak up.
>
>
>
> (and for the record I've changed my mind and would like to see this go forward,
> so please stop emailing me)
>
>

A few thoughts:

1. The kernel expects -fno-stack-protector to be the default. What will
the effect be on kernel configuration once -fstack-protector is the default?

2. We should make sure that -fno-stack-protector is a supported CFLAG.
This will make it easier to handle complaints from the vocal minority of
our user base that want every last percentage point of performance.

3. I would like to point out that we are talking about deviating from
upstream behavior and everyone is okay with it. Anyone who thinks we
should stick to upstream when it is not good for us should speak now or
risk being asked "where were you when..." whenever they try to use
upstream as an excuse to hold back progress. ;)