| 1 |
On 09/08/2013 08:06 PM, Ryan Hill wrote: |
| 2 |
> On Sat, 07 Sep 2013 19:08:57 -0400 |
| 3 |
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote: |
| 4 |
> |
| 5 |
>> Personally I think this would be a great stepping stone. If we add |
| 6 |
>> - -fstack-protector to 4.8.1 it will improve security (only a little I |
| 7 |
>> know) and give us an idea of what issues we may have. After a short |
| 8 |
>> enjoyment of fixing any issues which come up we could more to |
| 9 |
>> - -fstack-protector-strong in 4.9. |
| 10 |
> |
| 11 |
> Okay it won't be available for 4.8.1. It's going to require a couple minor |
| 12 |
> glibc changes and a lot of testing. A bunch of packages stick workarounds |
| 13 |
> behind a hardened USE flag or do things like `filter-flags -fstack-protector` |
| 14 |
> which don't actually work (we have to patch the compiler, not just add it to |
| 15 |
> the default flags in the profiles or something). I need to check the |
| 16 |
> interactions with hardened's spec files. And I need to get 4.8.1 out the door |
| 17 |
> two weeks ago. Once we fix the fallout from the unmasking I'll get back to this. |
| 18 |
> |
| 19 |
> I also want to make a comment on the implications of this change that people |
| 20 |
> may not have considered. Bugs caused by -fstack-protector can no longer be |
| 21 |
> just dismissed as unsupported, invalid, or assigned to the hardened team and |
| 22 |
> forgotten about. You will be expected to fix them, and `append-flags |
| 23 |
> -fno-stack-protector` is not an acceptable fix. You can't champion for more |
| 24 |
> secure defaults and then just disable them when they get in your way. |
| 25 |
> |
| 26 |
> So does anyone have any objections to making -fstack-protector the default? |
| 27 |
> Now is the time to speak up. |
| 28 |
> |
| 29 |
> |
| 30 |
> |
| 31 |
> (and for the record I've changed my mind and would like to see this go forward, |
| 32 |
> so please stop emailing me) |
| 33 |
> |
| 34 |
> |
| 35 |
|
| 36 |
A few thoughts: |
| 37 |
|
| 38 |
1. The kernel expects -fno-stack-protector to be the default. What will |
| 39 |
the effect be on kernel configuration once -fstack-protector is the default? |
| 40 |
|
| 41 |
2. We should make sure that -fno-stack-protector is a supported CFLAG. |
| 42 |
This will make it easier to handle complaints from the vocal minority of |
| 43 |
our user base that want every last percentage point of performance. |
| 44 |
|
| 45 |
3. I would like to point out that we are talking about deviating from |
| 46 |
upstream behavior and everyone is okay with it. Anyone who thinks we |
| 47 |
should stick to upstream when it is not good for us should speak now or |
| 48 |
risk being asked "where were you when..." whenever they try to use |
| 49 |
upstream as an excuse to hold back progress. ;) |
Archives