Gentoo Archives: gentoo-dev

From: John Richard Moser <nigelenki@×××××××.net>
To: John Richard Moser <nigelenki@×××××××.net>
Cc: gentoo-security@l.g.o, gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Stack smash protected daemons
Date: Thu, 23 Sep 2004 03:58:19
Message-Id: 41524A85.1020402@comcast.net
In Reply to: [gentoo-dev] Stack smash protected daemons by John Richard Moser
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4
5 OK, there's too much arguing and not enough useful discussion going on
6 here. I suggest if you go through with this that you start with the
7 following in mind and build from there.
8
9 1. Protect daemons and chmod +s programs
10
11 For our purposes, let's define a daemon as any program which interacts
12 with (processes data from) non-root processes, including processes from
13 other machines. This would cover apache and ssh as well as anything
14 that happened to provide services to the local box through SysV IPC or
15 other mechanisms.
16
17 2. Use a FEATURES flag to implement
18
19 The FEATURES flag I've seen most suggested by persons other than me is
20 'autossp'. This flag should cause a portage command (such as
21 apply-autossp) to append -fstack-protector to CFLAGS. Optionally,
22 'autosspall' should apply -fstack-protector-all.
23
24 It's no secret that -fstack-protector-all breaks some programs that
25 - -fstack-protector doesn't (i.e. Firefox, Thunderbird, Mozilla). In case
26 of an 'autosspall' FEATURES flag and broken daemons, the 'apply-autossp
27 no-all' command could tell apply-autossp to use -fstack-protector and
28 NOT -fstack-protector-all.
29
30 3. Is this on by default?
31
32 It's believed by some of us, me included, to be sane to implement
33 'autossp' by default. Personally, I'm against -fstack-protector-all
34 ('autosspall') by default; others may disagree. I do not have a strong
35 understanding of the difference between -fstack-protector and -all; I
36 know what they technically do, but not what the extra instrumentation
37 code generated with -all will actually gain you. Others know more than I.
38
39 Remember that if this is on by defaut, any user can add "-autossp" to
40 FEATURES in make.conf. If it's genuinely harmless (I believe it is),
41 there's really no point in making the user explicitely enable it.
42
43 - --
44 gentoo-dev@g.o mailing list
45
46
47
48 - --
49 All content of all messages exchanged herein are left in the
50 Public Domain, unless otherwise explicitly stated.
51
52 -----BEGIN PGP SIGNATURE-----
53 Version: GnuPG v1.2.6 (GNU/Linux)
54 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
55
56 iD8DBQFBUkqFhDd4aOud5P8RAgpqAJ9cUJczw09u8Fc2WxQwCn+1AVsy6QCfbhBK
57 lBcaH1OZfs+5OcZR6f2V9hE=
58 =1K/B
59 -----END PGP SIGNATURE-----
60
61 --
62 gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Stack smash protected daemons John Richard Moser <nigelenki@×××××××.net>
Re: [gentoo-dev] Stack smash protected daemons Ned Ludd <solar@g.o>