Gentoo Archives: gentoo-dev

From: Daniel Goller <morfic@g.o>
To: solar@g.o
Cc: Ciaran McCreesh <ciaranm@g.o>, John Richard Moser <nigelenki@×××××××.net>, gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Stack smash protected daemons
Date: Thu, 23 Sep 2004 23:23:54
Message-Id: 41535C4A.50602@gentoo.org
In Reply to: Re: [gentoo-dev] Stack smash protected daemons by Ned Ludd
Ned Ludd wrote:

>First let me suggest some good reading on this topic.
>http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf
>
>On Wed, 2004-09-22 at 20:27, Ciaran McCreesh wrote:
>
>>On Wed, 22 Sep 2004 20:11:54 -0400 Ned Ludd <solar@g.o> wrote:
>>| > Well then leave it turned off, but put a note about the availability
>>| > of the feature in the comments above FEATURES= in make.conf.
>>|
>>| With FEATURES="noautossp" the user would be free to disable it on
>>| their own accord but being a responsible distribution to the users and
>>| the computing world we would/should not.
>>
>>Personally, I would be *very* wary about giving our x86 users a 5%
>>performance hit
>
>Feel free to do some objective benchmarking.
>
>>just to enable a hack
>
>What's this hack you're now speaking of frequently?

Well, for what it's worth, I'm all for the "on by default, disabled by
<inserttobedeterminedmechanismhere>" solution.

>>which might protect you if your
>>app happens to be badly coded in a particular way...
>
>Exactly, see http://glsa.gentoo.org
>
>>The option's there
>>for anyone that wants it, but turning it on by default probably isn't
>>wise...
>
>For suids and/or services that bind listening ports?
>No, the option is not really there for something like this.
>
>Do we have proper per-package CFLAGS yet?
>Answer = No.
>
>Is Nick ever going to add it?
>Answer = No.
>
>Can it be done?
>Answer = Yes, but it's a bitch to do, and at least one portage dev wants to
>take away that ability.

--
gentoo-dev@g.o mailing list
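The thread argues about whether the stack-smash protector (ProPolice/SSP, what GCC enables with -fstack-protector) is worth a few percent of CPU time. What it actually buys is shown below in an added example that is not part of the thread and not Gentoo's or GCC's code: a user-space model of the canary SSP places between a function's local buffers and its saved frame pointer/return address, with the epilogue check that fires before `ret`. The frame layout, the fixed canary value, the placeholder return address and the `simulate_call` helper are all assumptions made for the demonstration; a real SSP canary is random and is read from `__stack_chk_guard` or TLS at function entry, and the frame is an ordinary byte array here so the overflow stays deterministic and off the real stack.

```c
/* Added example, not from the mailing-list thread: a user-space model of the
 * SSP/ProPolice stack canary. The "frame" is an ordinary struct so the
 * overflow is deterministic and never touches the real stack. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Assumed frame layout, lowest address first, in the order SSP arranges it:
 * the local char buffer, then the canary, then the saved return address.
 * On common ABIs this struct has no padding, so sizeof(struct frame) == 32. */
struct frame {
    char     buf[BUF_SIZE];
    uint64_t canary;
    uint64_t saved_ret;
};

/* Fixed canary so the example is reproducible (assumption: a real SSP
 * canary is random and loaded from __stack_chk_guard / TLS at entry). */
static const uint64_t CANARY = 0xA5A5A5A5DEADBEEFULL;

/* The "badly coded" pattern SSP targets: a copy into a fixed-size stack
 * buffer with no length check. The copy is clamped to the modelled frame so
 * it can overwrite only the modelled canary and return slot. */
static void unchecked_copy(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof(*f))
        len = sizeof(*f);
    memcpy((char *)f, src, len);   /* runs past buf into canary/saved_ret */
}

/* The epilogue check -fstack-protector emits: compare the stored canary with
 * the reference value before returning. 1 = intact, 0 = smashed. */
static int canary_ok(const struct frame *f)
{
    return f->canary == CANARY;
}

/* Simulate one call of the vulnerable function. Returns 0 when the function
 * would return normally and 1 when __stack_chk_fail would have fired. */
int simulate_call(const char *input, size_t len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    f.saved_ret = 0x401000;        /* placeholder return address */
    unchecked_copy(&f, input, len);
    return canary_ok(&f) ? 0 : 1;
}

int main(void)
{
    const char benign[] = "short string";
    /* Constructed attack input: 16 bytes fill buf, the next 8 overwrite the
     * canary and the last 8 would overwrite the saved return address. */
    char smash[32];
    memset(smash, 'A', sizeof smash);

    printf("benign input: %s\n",
           simulate_call(benign, strlen(benign)) ? "ABORT" : "returns normally");
    printf("32-byte input: %s\n",
           simulate_call(smash, sizeof smash) ? "ABORT (stack smashing detected)"
                                              : "returns normally");
    return 0;
}
```

The check catches the contiguous overflow because the attacker cannot reach the saved return address without first writing through the canary; an input that fills the buffer exactly (16 bytes) is not an overflow and passes, while a single byte of overrun is enough to trip the check. This is also where Ciaran's caveat applies: the canary only detects overflows that run through it, so a bug that corrupts other data without crossing the canary goes unnoticed, and detection ends in an abort rather than a recovered service. With a real build the same thing is done by compiling with `gcc -fstack-protector`, and glibc reports the abort as "*** stack smashing detected ***".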