Rich Freeman posted on Tue, 10 Sep 2013 21:17:33 -0400 as excerpted:

> On Tue, Sep 10, 2013 at 6:41 PM, Richard Yao <ryao@g.o> wrote:
>> 1. The kernel expects -fno-stack-protector to be the default. What will
>> the effect be on kernel configuration once -fstack-protector is the
>> default?
>
> Nothing, since the kernel build system doesn't source make.conf. If
> somebody creates an ebuild that actually installs a kernel then it might
> be an issue, though it could be filtered if it is a problem.

If I'm not mistaken, dirtyepic intends to patch gcc directly to enable
-fstack-protector, changing the default at that level so it'll be used
unless -fno-stack-protector is in CFLAGS. At least, that's how I
interpret (dirtyepic):

"'filter-flags -fstack-protector [won't] actually work
(we have to patch the compiler, not just add it to the
default flags in the profiles or something)."

Which means that yes, it WILL affect the kernel (and anything else
separately compiled, unless -fno-stack-protector is given), since it'll
then be the gentoo-patched gcc default, not in make.conf.

(Tho jer points out that the parisc arch, among others, won't work with
that flag at all, and warns to that effect. So I guess the patch will
either be ifdeffed not to apply on such archs or will be conditionally
applied in the first place. The former is I believe preferred as
conditional patching is considered subpar.)

I guess hardened should know what -fstack-protector does to the kernel,
tho.

But in any case it's certainly worth a news item when it happens, as
people obviously build a lot of stuff with gcc independent of the tree,
and I'm sure some of it will break if that becomes the default, so
letting them know about it with a news item should help avoid at least
/some/ of the resulting bugs from such a default-change.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman