-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK, there's too much arguing and not enough useful discussion going on
here. I suggest if you go through with this that you start with the
following in mind and build from there.

1. Protect daemons and chmod +s programs

For our purposes, let's define a daemon as any program which interacts
with (processes data from) non-root processes, including processes from
other machines. This would cover apache and ssh as well as anything
that happened to provide services to the local box through SysV IPC or
other mechanisms.

2. Use a FEATURES flag to implement

The FEATURES flag I've seen most suggested by persons other than me is
'autossp'. This flag should cause a portage command (such as
apply-autossp) to append -fstack-protector to CFLAGS. Optionally,
'autosspall' should apply -fstack-protector-all.

It's no secret that -fstack-protector-all breaks some programs
that -fstack-protector doesn't (i.e. Firefox, Thunderbird, Mozilla). In
case of an 'autosspall' FEATURES flag and broken daemons, the
'apply-autossp no-all' command could tell apply-autossp to use
-fstack-protector and NOT -fstack-protector-all.

3. Is this on by default?

It's believed by some of us, me included, to be sane to implement
'autossp' by default. Personally, I'm against -fstack-protector-all
('autosspall') by default; others may disagree. I do not have a strong
understanding of the difference between -fstack-protector and -all; I
know what they technically do, but not what the extra instrumentation
code generated with -all will actually gain you. Others know more than I.

Remember that if this is on by default, any user can add "-autossp" to
FEATURES in make.conf. If it's genuinely harmless (I believe it is),
there's really no point in making the user explicitly enable it.

- --
gentoo-dev@g.o mailing list

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBUkqFhDd4aOud5P8RAgpqAJ9cUJczw09u8Fc2WxQwCn+1AVsy6QCfbhBK
lBcaH1OZfs+5OcZR6f2V9hE=
=1K/B
-----END PGP SIGNATURE-----
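
The flag logic proposed in the message above, sketched as a POSIX shell function. This is an added example, not Portage code and not part of the original message; the function name apply_autossp (underscore instead of hyphen), reading FEATURES and CFLAGS from the environment, and leaving an explicit SSP choice in CFLAGS untouched are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical sketch of the proposed 'apply-autossp' helper.
# Not Portage code. POSIX sh function names cannot contain '-', hence the '_'.

# has_word WORD LIST: succeed if WORD is a whitespace-separated item of LIST.
has_word() {
    list=$(printf '%s' "$2" | tr '\t\n' '  ')
    case " $list " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# apply_autossp [no-all]
# Reads FEATURES and CFLAGS from the environment, prints the new CFLAGS.
apply_autossp() {
    flag=""
    # 'autossp' is honoured unless the user opted out with '-autossp'.
    if has_word autossp "$FEATURES" && ! has_word -autossp "$FEATURES"; then
        flag="-fstack-protector"
    fi
    # 'autosspall' upgrades to -all, unless the caller passes 'no-all'
    # (a package known to break under -fstack-protector-all).
    if has_word autosspall "$FEATURES" && ! has_word -autosspall "$FEATURES"; then
        if [ "${1:-}" = "no-all" ]; then
            flag="-fstack-protector"
        else
            flag="-fstack-protector-all"
        fi
    fi
    # Assumption: an explicit SSP choice already in CFLAGS is left untouched.
    for f in -fstack-protector -fstack-protector-all -fno-stack-protector; do
        if has_word "$f" "$CFLAGS"; then
            flag=""
        fi
    done
    if [ -n "$flag" ]; then
        printf '%s\n' "${CFLAGS:+$CFLAGS }$flag"
    else
        printf '%s\n' "$CFLAGS"
    fi
}
```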