public inbox for gentoo-amd64@lists.gentoo.org
* [gentoo-amd64] Disable SPP On GCC-4.8.3
@ 2014-06-17  0:18 Frank Peters
  2014-06-17  7:11 ` [gentoo-amd64] " Duncan
  0 siblings, 1 reply; 32+ messages in thread
From: Frank Peters @ 2014-06-17  0:18 UTC (permalink / raw
  To: gentoo-amd64

Hello,

GCC-4.8.3 is now in the portage tree and it enables SSP, or Stack
Smashing Protection, by default.

I don't want SSP.  It can be disabled using the -fno-stack-protector
flag.

Checking the portage use.local.desc file, it seems a better way
to disable SSP is to specify the "nossp" USE flag for gcc.  With
this USE flag set, gcc will be built without SSP.

However the "nossp" USE flag has some sort of warning attached
to it in the use.local.desc file:

sys-devel/gcc:nossp - Disable SSP support (NOT FOR GENERAL USE)

What does this mean?  Is it safe to use the "nossp" USE flag to build gcc?

Frank Peters




* [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17  0:18 [gentoo-amd64] Disable SPP On GCC-4.8.3 Frank Peters
@ 2014-06-17  7:11 ` Duncan
  2014-06-17 13:04   ` Frank Peters
  2014-06-17 15:41   ` Slightly OT (Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3)k Barry Schwartz
  0 siblings, 2 replies; 32+ messages in thread
From: Duncan @ 2014-06-17  7:11 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters posted on Mon, 16 Jun 2014 20:18:59 -0400 as excerpted:

> GCC-4.8.3 is now in the portage tree and it enables SSP, or Stack
> Smashing Protection, by default.
> 
> I don't want SSP.  It can be disabled using the -fno-stack-protector
> flag.
> 
> Checking the portage use.local.desc file, it seems a better way to
> disable SSP is to specify the "nossp" USE flag for gcc.  With this USE
> flag set, gcc will be built without SSP.
> 
> However the "nossp" USE flag has some sort of warning attached to it in
> the use.local.desc file:
> 
> sys-devel/gcc:nossp - Disable SSP support (NOT FOR GENERAL USE)
> 
> What does this mean?  Is it safe to use the "nossp" USE flag to build
> gcc?

Based on the discussions on the dev list, I believe the nossp USE flag 
was originally only for specific-case usage in the hardened profiles, and 
now will likely be expanded to the archs (like hppa I believe) where ssp 
doesn't work.  As such, I'd consider it quite likely that the flag will 
eventually be masked on general profiles, since the idea is to make gentoo 
a bit safer by enabling it in general, and disabling it only on archs 
where it is known not to work (hppa I believe, among others).

While it is of course possible to unmask such a flag and then use it, I'd 
consider strongly before you do as that puts you FAR out of tested gentoo 
mainstream.

That said, in theory at least it should "just work", since this is a 
change to the /gentoo/ gcc spec-file defaults, not upstream, and turning 
it off is simply turning off a newly default feature that has until now 
been off unless you specifically turned it on.

But I'd still strongly recommend adding the -fno-stack-protector to your 
CFLAGS, as that will continue to be supported by gentoo, while messing 
with gcc's nossp flag is not recommended and may result in bugs being 
closed INVALID or NEEDINFO (duplicate with the flag toggled before 
reopening), etc, as a result.

/That/ said, there's actually three levels of ssp now, with this one the 
lowest level, dropping performance very little while focusing protection 
on the functions that are easiest to abuse AND to protect.  Actually, as 
the news item states, the middle (strong but not all) option is the 
planned default for gcc 4.9.  That being the case, I'd at /least/ 
recommend this lower level of protection on at least the most critical 
functions where the performance cost is quite low in comparison to the 
benefit.  If you want to disable the strong-but-not-all default when it 
comes in 4.9, OK, but I'd suggest at least keeping this minimal threshold 
of protection, particularly since it /will/ be the default now and thus 
there should be if anything fewer problems with it than not.

But it's your machine, and we'd not be gentooers if we didn't want to 
be king over the configuration of our own machines, so go to it if you 
are sure.  =:^)  Just do your research (perhaps you already have) and 
know exactly why you're doing it.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17  7:11 ` [gentoo-amd64] " Duncan
@ 2014-06-17 13:04   ` Frank Peters
  2014-06-17 14:11     ` Volker Armin Hemmann
                       ` (3 more replies)
  2014-06-17 15:41   ` Slightly OT (Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3)k Barry Schwartz
  1 sibling, 4 replies; 32+ messages in thread
From: Frank Peters @ 2014-06-17 13:04 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 07:11:26 +0000 (UTC)
Duncan <1i5t5.duncan@cox.net> wrote:

>  If you want to disable the strong-but-not-all default when it 
> comes in 4.9, OK, but I'd suggest at least keeping this minimal threshold 
> of protection, particularly since it /will/ be the default now and thus 
> there should be if anything fewer problems with it than not.
> 

The problem with all Linux distributions, and not just Gentoo, is that
they are directed toward a multi-user, networked environment.  As a
consequence, they exhibit security and other features that generally
make no sense whatsoever for a single-user desktop machine that optionally
connects externally only with an ISP through a router/modem.

I continually have configuration problems because of the need to
work around the useless (vis-a-vis the single-user desktop) and
myriad requirements of the multi-user, networked scenario.

In the single-user, desktop environment, the probability of a buffer
overflow "attack" is virtually nil, especially if one is highly selective
about "surfing" the Internet and employing Internet software (which
I am).

There needs to be a Linux distribution or sub-distribution that caters
to the needs of the single, desktop user, ensconced as he is within
his private garret and far removed from the troubles of a massive
network.  My system is configured in a way that is quite contrary
to recommended Linux practice (for example I run only and always as the
root superuser and have no need for file permissions) but yet it makes
perfect sense for my situation.

Are single desktop users that much of a minority?  I would hope not.

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 13:04   ` Frank Peters
@ 2014-06-17 14:11     ` Volker Armin Hemmann
  2014-06-17 17:04       ` Volker Armin Hemmann
  2014-06-17 17:12       ` Frank Peters
  2014-06-17 17:05     ` Rich Freeman
                       ` (2 subsequent siblings)
  3 siblings, 2 replies; 32+ messages in thread
From: Volker Armin Hemmann @ 2014-06-17 14:11 UTC (permalink / raw
  To: gentoo-amd64


A) Building gcc without ssp does not disable ssp for other packages.
B) ssp is a good thing even for single user desktops.
C) I hate long answers without useful content.
D) I hate the quoting of my phone.
On 17.06.2014 15:05, "Frank Peters" <frank.peters@comcast.net> wrote:

> On Tue, 17 Jun 2014 07:11:26 +0000 (UTC)
> Duncan <1i5t5.duncan@cox.net> wrote:
>
> >  If you want to disable the strong-but-not-all default when it
> > comes in 4.9, OK, but I'd suggest at least keeping this minimal threshold
> > of protection, particularly since it /will/ be the default now and thus
> > there should be if anything fewer problems with it than not.
> >
>
> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment.  As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that optionally
> connects externally only with an ISP through a router/modem.
>
> I continually have configuration problems because of the need to
> work around the useless (vis-a-vis the single-user desktop) and
> myriad requirements of the multi-user, networked scenario.
>
> In the single-user, desktop environment, the probability of a buffer
> overflow "attack" is virtually nil, especially if one is highly selective
> about "surfing" the Internet and employing Internet software (which
> I am).
>
> There needs to be a Linux distribution or sub-distribution that caters
> to the needs of the single, desktop user, ensconced as he is within
> his private garret and far removed from the troubles of a massive
> network.  My system is configured in a way that is quite contrary
> to recommended Linux practice (for example I run only and always as the
> root superuser and have no need for file permissions) but yet it makes
> perfect sense for my situation.
>
> Are single desktop users that much of a minority?  I would hope not.
>
> Frank Peters
>
>
>


* Slightly OT (Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3)k
  2014-06-17  7:11 ` [gentoo-amd64] " Duncan
  2014-06-17 13:04   ` Frank Peters
@ 2014-06-17 15:41   ` Barry Schwartz
  1 sibling, 0 replies; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 15:41 UTC (permalink / raw
  To: gentoo-amd64

Duncan <1i5t5.duncan@cox.net> wrote:
> /That/ said, there's actually three levels of ssp now, with this one the 
> lowest level, dropping performance very little while focusing protection 
> on the functions that are easiest to abuse AND to protect.

I tend to keep out-of-the-box gcc on the side for development, though
that’s for a few perhaps peculiar reasons. (Partly to keep alive the
remote possibility of my trying out Gnat, which Gentoo doesn’t really
support. You need a running and perhaps recent Gnat to build Gnat.)

I consider SSP a good thing. It is an attempt to make up for C/C++
programming, which is a bad thing.



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 14:11     ` Volker Armin Hemmann
@ 2014-06-17 17:04       ` Volker Armin Hemmann
  2014-06-17 18:47         ` Frank Peters
  2014-06-17 17:12       ` Frank Peters
  1 sibling, 1 reply; 32+ messages in thread
From: Volker Armin Hemmann @ 2014-06-17 17:04 UTC (permalink / raw
  To: gentoo-amd64

On 17.06.2014 16:11, Volker Armin Hemmann wrote:
>
> A) Building gcc without ssp does not disable ssp for other packages.
>

And I am wrong on that. nossp seems to disable ssp in general. Still not
a good idea.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 13:04   ` Frank Peters
  2014-06-17 14:11     ` Volker Armin Hemmann
@ 2014-06-17 17:05     ` Rich Freeman
  2014-06-17 17:44       ` Barry Schwartz
  2014-06-17 20:28     ` thegeezer
  2014-06-18  3:31     ` Duncan
  3 siblings, 1 reply; 32+ messages in thread
From: Rich Freeman @ 2014-06-17 17:05 UTC (permalink / raw
  To: gentoo-amd64

On Tue, Jun 17, 2014 at 9:04 AM, Frank Peters <frank.peters@comcast.net> wrote:
>
> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment.  As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that optionally
> connects externally only with an ISP through a router/modem.
>...
> My system is configured in a way that is quite contrary
> to recommended Linux practice (for example I run only and always as the
> root superuser and have no need for file permissions) but yet it makes
> perfect sense for my situation.
>

Keep in mind that there are many elements to data security.  Not
being pwned by script kiddies is certainly one of them, and that
doesn't really apply so much to the single-user desktop.  However, if
you take a broader definition of data security then things become more
nuanced.

Let's define data security as "the prevention of unintended
destruction or dissemination of data stored on a system, or an
unintended loss of system functionality."

When you use a broader definition then security really ought to be
important to the single-user desktop.  Features that should be
considered important include:
* Disaster recovery / backups / etc.
* Prevention of unintentional system changes (ie don't be root)
* Robustness in the face of or rapid recovery from common failure
modes (ie RAID, rapid restoration, etc).
* Protection from whatever is lurking in that banner ad your browser
just downloaded (ie SSP/SELinux/etc).

So, I wouldn't be too quick to dismiss security.  My only
personally-owned laptop is a Chromebook and its features include being
trivial to restore to factory condition, having all data backed up
online continuously, having full-disk encryption, and having automatic
updates to keep all of that stuff working.  That certainly isn't the
only model for a desktop machine, but from a data-security standpoint
it is about as good as it gets, and it is the result of a design that
keeps security in mind.

Rich



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 14:11     ` Volker Armin Hemmann
  2014-06-17 17:04       ` Volker Armin Hemmann
@ 2014-06-17 17:12       ` Frank Peters
  1 sibling, 0 replies; 32+ messages in thread
From: Frank Peters @ 2014-06-17 17:12 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 16:11:38 +0200
Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:

> A) Building gcc without ssp does not disable ssp for other packages.
>

Not that I do not trust you, but I need to check this out.

Is there some other way to make SSP the non-default for all
packages?

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 17:05     ` Rich Freeman
@ 2014-06-17 17:44       ` Barry Schwartz
  0 siblings, 0 replies; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 17:44 UTC (permalink / raw
  To: gentoo-amd64

Rich Freeman <rich0@gentoo.org> wrote:
> Keep in mind that there are many elements to data security.

Put simply, in the context of stack smashing, it consists of
protection against any form of program running astray, whether it does
so by design or not.

Someone running everything as superuser is in what you might call an
‘MSDOS’ situation -- presumably both knows that and finds the risks
acceptable. Turning off stack smashing protection makes sense to me,
in that case.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 17:04       ` Volker Armin Hemmann
@ 2014-06-17 18:47         ` Frank Peters
  2014-06-17 19:04           ` Volker Armin Hemmann
                             ` (2 more replies)
  0 siblings, 3 replies; 32+ messages in thread
From: Frank Peters @ 2014-06-17 18:47 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 19:04:00 +0200
Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:

> 
> nossp seems to disable ssp in general. Still not
> a good idea.
> 

I appreciate your concern but, all too often it seems, the notion
of "not a good idea" becomes "not a good idea therefore it should
be irrevocably disabled for everyone whether they want it or not."

An option should never become a law.

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 18:47         ` Frank Peters
@ 2014-06-17 19:04           ` Volker Armin Hemmann
  2014-06-17 19:57           ` Barry Schwartz
  2014-06-17 22:47           ` Rich Freeman
  2 siblings, 0 replies; 32+ messages in thread
From: Volker Armin Hemmann @ 2014-06-17 19:04 UTC (permalink / raw
  To: gentoo-amd64

On 17.06.2014 20:47, Frank Peters wrote:
> On Tue, 17 Jun 2014 19:04:00 +0200
> Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
>
>> nossp seems to disable ssp in general. Still not
>> a good idea.
>>
> I appreciate your concern but, all too often it seems, the notion
> of "not a good idea" becomes "not a good idea therefore it should
> be irrevocably disabled for everyone whether they want it or not."
>
> An option should never become a law.
>
> Frank Peters
>
>
>

Options increase the workload on devs & testers a lot.

So removing options makes sense in a way. Especially if it is about a
feature that should never be turned off.



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 18:47         ` Frank Peters
  2014-06-17 19:04           ` Volker Armin Hemmann
@ 2014-06-17 19:57           ` Barry Schwartz
  2014-06-17 20:29             ` Volker Armin Hemmann
  2014-06-17 22:47           ` Rich Freeman
  2 siblings, 1 reply; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 19:57 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters <frank.peters@comcast.net> wrote:
> I appreciate your concern but, all too often it seems, the notion
> of "not a good idea" becomes "not a good idea therefore it should
> be irrevocably disabled for everyone whether they want it or not."

Yeah, that seems to be common.

There is a tug-of-war between the idea of Gentoo as (a) an OS like the
usual suspects except you can easily compile it yourself and (b) a
framework for rolling your own OS. I lean in preference towards (b).

(The xLFSes are suffering from the same tug-of-war.)



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 13:04   ` Frank Peters
  2014-06-17 14:11     ` Volker Armin Hemmann
  2014-06-17 17:05     ` Rich Freeman
@ 2014-06-17 20:28     ` thegeezer
  2014-06-17 21:01       ` Frank Peters
  2014-06-18  3:31     ` Duncan
  3 siblings, 1 reply; 32+ messages in thread
From: thegeezer @ 2014-06-17 20:28 UTC (permalink / raw
  To: gentoo-amd64

On 06/17/2014 02:04 PM, Frank Peters wrote:
> In the single-user, desktop environment, the probability of a buffer
> overflow "attack" is virtually nil, especially if one is highly
> selective about "surfing" the Internet and employing Internet software
> (which I am). There needs to be a Linux distribution or
> sub-distribution that caters to the needs of the single, desktop user,
> ensconced as he is within his private garret and far removed from the
> troubles of a massive network. 

howdy, just out of curiosity what benefits do you gain from disabling ssp ?
is there a speed concern or resource issue ?



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 19:57           ` Barry Schwartz
@ 2014-06-17 20:29             ` Volker Armin Hemmann
  2014-06-17 20:51               ` Barry Schwartz
  2014-06-17 20:56               ` Frank Peters
  0 siblings, 2 replies; 32+ messages in thread
From: Volker Armin Hemmann @ 2014-06-17 20:29 UTC (permalink / raw
  To: gentoo-amd64

On 17.06.2014 21:57, Barry Schwartz wrote:
> Frank Peters <frank.peters@comcast.net> wrote:
>> I appreciate your concern but, all too often it seems, the notion
>> of "not a good idea" becomes "not a good idea therefore it should
>> be irrevocably disabled for everyone whether they want it or not."
> Yeah, that seems to be common.
>
> There is a tug-of-war between the idea of Gentoo as (a) an OS like the
> usual suspects except you can easily compile it yourself and (b) a
> framework for rolling your own OS. I lean in preference towards (b).
>
> (The xLFSes are suffering from the same tug-of-war.)
>
>

so make yourself an overlay, put an ebuild with appropriate patches there
and be happy.



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 20:29             ` Volker Armin Hemmann
@ 2014-06-17 20:51               ` Barry Schwartz
  2014-06-17 21:10                 ` Volker Armin Hemmann
  2014-06-17 20:56               ` Frank Peters
  1 sibling, 1 reply; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 20:51 UTC (permalink / raw
  To: gentoo-amd64

Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
> On 17.06.2014 21:57, Barry Schwartz wrote:
> > Frank Peters <frank.peters@comcast.net> wrote:
> >> I appreciate your concern but, all too often it seems, the notion
> >> of "not a good idea" becomes "not a good idea therefore it should
> >> be irrevocably disabled for everyone whether they want it or not."
> > Yeah, that seems to be common.
> >
> > There is a tug-of-war between the idea of Gentoo as (a) an OS like the
> > usual suspects except you can easily compile it yourself and (b) a
> > framework for rolling your own OS. I lean in preference towards (b).
> >
> > (The xLFSes are suffering from the same tug-of-war.)
> 
> so make yourself an overlay, put an ebuild with appropriate patches there
> and be happy.

I have _more than one_ overlay, hosted on Bitbucket.

Please try to be nice about this. Is it not even acceptable to discuss
that there is such a tug-of-war?  Should discussions about the
balances of pros and cons in Gentoo take place in ‘discussion
overlays’?




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 20:29             ` Volker Armin Hemmann
  2014-06-17 20:51               ` Barry Schwartz
@ 2014-06-17 20:56               ` Frank Peters
  2014-06-17 21:02                 ` Barry Schwartz
  1 sibling, 1 reply; 32+ messages in thread
From: Frank Peters @ 2014-06-17 20:56 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 22:29:40 +0200
Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:

> 
> so make yourself an overlay, put an ebuild with appropriate patches there
> and be happy.
> 

Now that is excellent advice.

I've got to get working on this for myself ASAP.

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 20:28     ` thegeezer
@ 2014-06-17 21:01       ` Frank Peters
       [not found]         ` <20140617213852.GA12511@crud>
  0 siblings, 1 reply; 32+ messages in thread
From: Frank Peters @ 2014-06-17 21:01 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 21:28:14 +0100
thegeezer <thegeezer@thegeezer.net> wrote:

> 
> howdy, just out of curiosity what benefits do you gain from disabling ssp ?
> is there a speed concern or resource issue ?
> 

Every routine that is not explicitly declared in-line will necessitate
setting up a stack frame which is costly enough already.

With SSP every subroutine call will require an additional reading from
/dev/urandom to set up the "canary" value.  This may also deplete the
kernel entropy pool.

If you want it take it but please allow me to opt out.

Frank Peters
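
Added example (not from any poster in this thread, and not GCC or glibc code): a small C model of the canary mechanism discussed in this subthread and of the "three levels" Duncan mentions. It shows which functions each level instruments, and that with GCC and glibc the guard value is set once at program start-up while each protected call only stores and compares it. All identifiers are hypothetical, and the 8-byte threshold assumes upstream's default ssp-buffer-size.

```c
/* Model of the stack-protector canary. Added illustration: this is not GCC or
 * glibc source, and every identifier below is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

enum ssp_level { SSP_NONE, SSP_DEFAULT, SSP_STRONG, SSP_ALL };

/* What the compiler sees in one function body. */
struct func_traits {
    size_t largest_char_array;   /* bytes; 0 if the function has none */
    int    has_other_array;      /* local array of any other type or size */
    int    takes_local_address;  /* address of a local variable is used */
    int    uses_alloca;
};

/* Which functions get a canary, following the GCC manual's description of
 * -fstack-protector, -fstack-protector-strong and -fstack-protector-all.
 * The 8-byte threshold is upstream's default ssp-buffer-size (assumption:
 * not overridden by the distribution). */
int gets_canary(enum ssp_level level, const struct func_traits *t)
{
    int classic = t->uses_alloca || t->largest_char_array >= 8;

    switch (level) {
    case SSP_ALL:     return 1;
    case SSP_STRONG:  return classic || t->largest_char_array > 0 ||
                             t->has_other_array || t->takes_local_address;
    case SSP_DEFAULT: return classic;
    default:          return 0;
    }
}

static uintptr_t model_guard;   /* stands in for the per-process guard */
static unsigned  guard_inits;   /* times the guard value was generated */
static unsigned  guard_checks;  /* epilogue comparisons performed */

/* Runs its body once per process, as libc start-up does. The real guard is
 * random; this constructed constant keeps the demonstration repeatable. */
static void model_guard_init(void)
{
    if (guard_inits == 0) {
        model_guard = (uintptr_t)0x9e3779b9u << 8;   /* low byte is zero */
        guard_inits = 1;
    }
}

/* Frame of a protected function: the canary sits right after the buffer. */
struct model_frame {
    char      buf[BUF_SIZE];
    uintptr_t canary;
};

/* Copies len bytes into the frame without checking against BUF_SIZE (the bug
 * being modelled). Returns 0 if the canary survived, -1 if it was overwritten
 * (where real code calls __stack_chk_fail and aborts), -2 if len would leave
 * the model frame altogether. */
int guarded_copy(const void *src, size_t len)
{
    struct model_frame f;

    model_guard_init();
    if (len > sizeof f)
        return -2;
    f.canary = model_guard;                    /* prologue: one load, one store */
    memcpy(&f, src, len);                      /* may run past buf into canary */
    guard_checks++;
    return f.canary == model_guard ? 0 : -1;   /* epilogue: one compare */
}

/* Constructed input: enough 'A' bytes to cover buf and the canary. */
int demo_overflow(void)
{
    unsigned char big[sizeof(struct model_frame)];

    memset(big, 'A', sizeof big);
    return guarded_copy(big, sizeof big);
}

unsigned guard_init_count(void)  { return guard_inits; }
unsigned guard_check_count(void) { return guard_checks; }

int main(void)
{
    struct func_traits tiny = { .largest_char_array = 4 };

    printf("char[4] local: default=%d strong=%d all=%d\n",
           gets_canary(SSP_DEFAULT, &tiny), gets_canary(SSP_STRONG, &tiny),
           gets_canary(SSP_ALL, &tiny));
    printf("in-bounds copy: %d\n", guarded_copy("hello", 6));
    printf("overlong copy:  %d\n", demo_overflow());
    printf("guard generated %u time(s), checked %u time(s)\n",
           guard_init_count(), guard_check_count());
    return 0;
}
```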




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 20:56               ` Frank Peters
@ 2014-06-17 21:02                 ` Barry Schwartz
  2014-06-17 21:22                   ` Barry Schwartz
  0 siblings, 1 reply; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 21:02 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters <frank.peters@comcast.net> wrote:
> On Tue, 17 Jun 2014 22:29:40 +0200
> Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
> 
> > 
> > so make yourself an overlay, put an ebuild with appropriate patches there
> > and be happy.
> > 
> 
> Now that is excellent advice.
> 
> I've got to get working on this for myself ASAP.

I’d recommend it. Have been doing it for years, and it is well
supported these days.

I happen to agree that in this case it is the appropriate approach.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 20:51               ` Barry Schwartz
@ 2014-06-17 21:10                 ` Volker Armin Hemmann
  0 siblings, 0 replies; 32+ messages in thread
From: Volker Armin Hemmann @ 2014-06-17 21:10 UTC (permalink / raw
  To: gentoo-amd64

On 17.06.2014 22:51, Barry Schwartz wrote:
> Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
>> On 17.06.2014 21:57, Barry Schwartz wrote:
>>> Frank Peters <frank.peters@comcast.net> wrote:
>>>> I appreciate your concern but, all too often it seems, the notion
>>>> of "not a good idea" becomes "not a good idea therefore it should
>>>> be irrevocably disabled for everyone whether they want it or not."
>>> Yeah, that seems to be common.
>>>
>>> There is a tug-of-war between the idea of Gentoo as (a) an OS like the
>>> usual suspects except you can easily compile it yourself and (b) a
>>> framework for rolling your own OS. I lean in preference towards (b).
>>>
>>> (The xLFSes are suffering from the same tug-of-war.)
>> so make yourself an overlay, put an ebuild with appropriate patches there
>> and be happy.
> I have _more than one_ overlay, hosted on Bitbucket.

I don't. I do not see the need.

>
> Please try to be nice about this. Is it not even acceptable to discuss
> that there is such a tug-of-war?  Should discussions about the
> balances of pros and cons in Gentoo take place in ‘discussion
> overlays’?
>
>
>

Was this thread started to 'discuss' something? No? Then why do you feel
the need to start one?

Especially about something like ssp that hardly anybody should want to
turn off?

And I am nice. At the moment.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 21:02                 ` Barry Schwartz
@ 2014-06-17 21:22                   ` Barry Schwartz
  0 siblings, 0 replies; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 21:22 UTC (permalink / raw
  To: gentoo-amd64

I wrote:
> Frank Peters <frank.peters@comcast.net> wrote:
> > On Tue, 17 Jun 2014 22:29:40 +0200
> > Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
> > 
> > > 
> > > so make yourself an overlay, put an ebuild with appropriate patches there
> > > and be happy.
> > > 
> > 
> > Now that is excellent advice.
> > 
> > I've got to get working on this for myself ASAP.
> 
> I’d recommend it. Have been doing it for years, and it is well
> supported these days.
> 
> I happen to agree that in this case it is the appropriate approach.

BTW it probably helps to be aware that (unless things have changed
since I was using an overlay for it) new gcc ebuilds come through the
‘hardened’ overlay. IMO they are probably the best qualified for the
job, generally speaking.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
       [not found]         ` <20140617213852.GA12511@crud>
@ 2014-06-17 22:21           ` Frank Peters
  2014-06-17 22:56             ` Barry Schwartz
  0 siblings, 1 reply; 32+ messages in thread
From: Frank Peters @ 2014-06-17 22:21 UTC (permalink / raw
  To: gentoo-amd64

On Tue, 17 Jun 2014 16:38:52 -0500
Barry Schwartz <chemoelectric@chemoelectric.org> wrote:

> ... programs
> having been written in the wrong languages to start with. (I mean,
> where buffer overruns come from isn’t hard to figure out. They come
> from using C and C++ to write the code.)
> 

Wrong language?  I won't even touch this.  If I did, it would likely
escalate to a savage exchange on the philosophy of programming.

Since I "cut my teeth" on assembly language, I have an undying fondness
for C.  Yet the universal trend is to leave the actual machine behind
and embrace the lofty abstractions of object oriented languages.
Indeed, a good deal of computing power today is used to support the massive
layers of abstraction that obliterate a sense of hardware and make life
easy for the programmer. 

But I've said enough already.

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 18:47         ` Frank Peters
  2014-06-17 19:04           ` Volker Armin Hemmann
  2014-06-17 19:57           ` Barry Schwartz
@ 2014-06-17 22:47           ` Rich Freeman
  2014-06-18  1:01             ` Barry Schwartz
  2 siblings, 1 reply; 32+ messages in thread
From: Rich Freeman @ 2014-06-17 22:47 UTC (permalink / raw
  To: gentoo-amd64

On Tue, Jun 17, 2014 at 2:47 PM, Frank Peters <frank.peters@comcast.net> wrote:
> On Tue, 17 Jun 2014 19:04:00 +0200
> Volker Armin Hemmann <volkerarmin@googlemail.com> wrote:
>
>>
>> nossp seems to disable ssp in general. Still not
>> a good idea.
>>
>
> I appreciate your concern but, all too often it seems, the notion
> of "not a good idea" becomes "not a good idea therefore it should
> be irrevocably disabled for everyone whether they want it or not."
>

Usually use flags that are discouraged are intended mainly to solve
limitations in how we express dependencies/etc.  It isn't that we
don't want users to use them, but more that in the future we might
change how they work and they could go away, causing trouble for those
who depend on them.  Think of them as unintentionally-exposed private
interfaces.

If there is something you want to do and there isn't a supported way
to do it, feel free to discuss/ suggest/ beg/ etc.

But, if you're told that doing something in a particular way isn't a
good idea, be sure you understand why before you do it anyway.  :)

Rich



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 22:21           ` Frank Peters
@ 2014-06-17 22:56             ` Barry Schwartz
  0 siblings, 0 replies; 32+ messages in thread
From: Barry Schwartz @ 2014-06-17 22:56 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters <frank.peters@comcast.net> wrote:
> Subject: Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
> From: Frank Peters <frank.peters@comcast.net>
> Reply-to: gentoo-amd64@lists.gentoo.org
> Date: Tue, 17 Jun 2014 18:21:05 -0400
> To: gentoo-amd64@lists.gentoo.org
> 
> On Tue, 17 Jun 2014 16:38:52 -0500
> Barry Schwartz <chemoelectric@chemoelectric.org> wrote:
> 
> > ... programs
> > having been written in the wrong languages to start with. (I mean,
> > where buffer overruns come from isn’t hard to figure out. They come
> > from using C and C++ to write the code.)
> > 
> 
> Wrong language?  I won't even touch this.  If I did, it would likely
> escalate to a savage exchange on the philosophy of programming.
> 
> Since I "cut my teeth" on assembly language, I have an undying fondness
> for C.  Yet the universal trend is to leave the actual machine behind
> and embrace the lofty abstractions of object oriented languages.
> Indeed, a good deal of computing power today is used to support the massive
> layers of abstraction that obliterate a sense of hardware and make life
> easy for the programmer. 
> 
> But I've said enough already.
> 
> Frank Peters
> 
> 

I cut my teeth on a TRS-80 with TBUG. Not even an assembler.




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 22:47           ` Rich Freeman
@ 2014-06-18  1:01             ` Barry Schwartz
  2014-06-18  1:15               ` Mark Knecht
  0 siblings, 1 reply; 32+ messages in thread
From: Barry Schwartz @ 2014-06-18  1:01 UTC (permalink / raw
  To: gentoo-amd64

Rich Freeman <rich0@gentoo.org> wrote:
> Usually use flags that are discouraged are intended mainly to solve
> limitations in how we express dependencies/etc.  It isn't that we
> don't want users to use them, but more that in the future we might
> change how they work and they could go away, causing trouble for those
> who depend on them.  Think of them as unintentionally-exposed private
> interfaces.

My view on this current problem is that, given -fno-stack-protector in
the make.conf works nearly everywhere, there isn’t a problem as far as
building the OS is concerned. As for a ‘user compiler’, this seems not
to be a serious change, either.

(An example of actually making life harder for a user are the
default-settings changes in Debian’s GNU linker. They make it harder
than with stock GNU to construct dynamic plugins.)



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  1:01             ` Barry Schwartz
@ 2014-06-18  1:15               ` Mark Knecht
  2014-06-18  1:44                 ` Barry Schwartz
  0 siblings, 1 reply; 32+ messages in thread
From: Mark Knecht @ 2014-06-18  1:15 UTC (permalink / raw
  To: Gentoo AMD64

On Tue, Jun 17, 2014 at 6:01 PM, Barry Schwartz
<chemoelectric@chemoelectric.org> wrote:
> Rich Freeman <rich0@gentoo.org> wrote:
>> Usually use flags that are discouraged are intended mainly to solve
>> limitations in how we express dependencies/etc.  It isn't that we
>> don't want users to use them, but more that in the future we might
>> change how they work and they could go away, causing trouble for those
>> who depend on them.  Think of them as unintentionally-exposed private
>> interfaces.
>
> My view on this current problem is that, given -fno-stack-protector in
> the make.conf works nearly everywhere, there isn’t a problem as far as
> building the OS is concerned. As for a ‘user compiler’, this seems not
> to be a serious change, either.
>
> (An example of actually making life harder for a user are the
> default-settings changes in Debian’s GNU linker. They make it harder
> than with stock GNU to construct dynamic plugins.)
>

As this topic is on-going, let me ask about -fno-stack-protector. I
haven't messed with my build flags in literally years, and certainly
not since I built this machine in 2010 where I only use CFLAGS="-O2
-march=native -pipe" . WRT to -fno-stack-protector does enabling a
flag like that in make.conf then trigger a requirement to rebuild
everything (emerge -e @world) or can one turn it on and just update
the machine package-by-package over time?

- Mark



* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  1:15               ` Mark Knecht
@ 2014-06-18  1:44                 ` Barry Schwartz
  2014-06-18  1:59                   ` Mark Knecht
  0 siblings, 1 reply; 32+ messages in thread
From: Barry Schwartz @ 2014-06-18  1:44 UTC (permalink / raw
  To: gentoo-amd64

Mark Knecht <markknecht@gmail.com> wrote:
> As this topic is on-going, let me ask about -fno-stack-protector. I
> haven't messed with my build flags in literally years, and certainly
> not since I built this machine in 2010 where I only use CFLAGS="-O2
> -march=native -pipe" . WRT to -fno-stack-protector does enabling a
> flag like that in make.conf then trigger a requirement to rebuild
> everything (emerge -e @world) or can one turn it on and just update
> the machine package-by-package over time?

If you _do not_ enable -fno-stack-protector you will get packages
updated over time, once you start using 4.8.3+ as your system
compiler. Enabling -fno-stack-protector is the way to keep things the
same.
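
The answer above implies a mixed system during the transition: packages rebuilt with the new compiler carry SSP, while older ones do not. As an added example (not part of the thread), this Python sketch checks whether an ELF64 little-endian binary references `__stack_chk_fail`; the function names and the sample image are constructed for illustration.

```python
import struct

SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11
# GCC's stack protector calls one of these when a canary check fails.
SSP_SYMBOLS = {"__stack_chk_fail", "__stack_chk_fail_local"}
SHDR = "<IIQQQQIIQQ"   # Elf64_Shdr: name,type,flags,addr,offset,size,link,info,align,entsize

def elf64_symbol_names(data):
    """Return the names found in .symtab/.dynsym of an ELF64 little-endian image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian is handled here")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    sections = [struct.unpack_from(SHDR, data, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    names = set()
    for sh in sections:
        sh_type, offset, size, link, entsize = sh[1], sh[4], sh[5], sh[6], sh[9]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or entsize == 0:
            continue
        if link >= len(sections):
            continue                      # malformed: no usable string table
        strtab = data[sections[link][4]:sections[link][4] + sections[link][5]]
        for j in range(size // entsize):
            (st_name,) = struct.unpack_from("<I", data, offset + j * entsize)
            end = strtab.find(b"\0", st_name)
            if end > st_name:             # skips the empty name of the null symbol
                names.add(strtab[st_name:end].decode("ascii", "replace"))
    return names

def uses_ssp(data):
    """True if the image references the SSP failure handler.
    False is weaker evidence: a build with SSP enabled can still have no
    function that needed a canary, and stripped static binaries hide symbols."""
    return bool(SSP_SYMBOLS & elf64_symbol_names(data))

def build_sample_elf(symbols):
    """Constructed sample: ELF64 header plus .dynsym/.dynstr only (not loadable)."""
    strtab, symtab = b"\0", b"\0" * 24    # index 0 is the mandatory null symbol
    for name in symbols:
        symtab += struct.pack("<IBBHQQ", len(strtab), 0x12, 0, 0, 0, 0)
        strtab += name.encode() + b"\0"
    sym_off = 64
    str_off = sym_off + len(symtab)
    sh_off = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, sh_off, 0, 64, 0, 0, 64, 3, 0)
    shdrs = b"\0" * 64                    # section 0 is always the null section
    shdrs += struct.pack(SHDR, 0, SHT_DYNSYM, 0, 0, sym_off, len(symtab), 2, 1, 8, 24)
    shdrs += struct.pack(SHDR, 0, SHT_STRTAB, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
    return ehdr + symtab + strtab + shdrs

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:             # e.g. binaries installed by one package
        with open(path, "rb") as f:
            try:
                verdict = "SSP" if uses_ssp(f.read()) else "no SSP reference"
            except (ValueError, struct.error):
                verdict = "skipped (not ELF64 LE)"
        print(f"{path}: {verdict}")
```
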




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  1:44                 ` Barry Schwartz
@ 2014-06-18  1:59                   ` Mark Knecht
  0 siblings, 0 replies; 32+ messages in thread
From: Mark Knecht @ 2014-06-18  1:59 UTC (permalink / raw
  To: Gentoo AMD64

On Tue, Jun 17, 2014 at 6:44 PM, Barry Schwartz
<chemoelectric@chemoelectric.org> wrote:
> Mark Knecht <markknecht@gmail.com> wrote:
>> As this topic is on-going, let me ask about -fno-stack-protector. I
>> haven't messed with my build flags in literally years, and certainly
>> not since I built this machine in 2010 where I only use CFLAGS="-O2
>> -march=native -pipe" . WRT to -fno-stack-protector does enabling a
>> flag like that in make.conf then trigger a requirement to rebuild
>> everything (emerge -e @world) or can one turn it on and just update
>> the machine package-by-package over time?
>
> If you _do not_ enable -fno-stack-protector you will get packages
> updated over time, once you start using 4.8.3+ as your system
> compiler. Enabling -fno-stack-protector is the way to keep things the
> same.
>
Thanks for the clarifications Barry.
Cheers,
Mark



* [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-17 13:04   ` Frank Peters
                       ` (2 preceding siblings ...)
  2014-06-17 20:28     ` thegeezer
@ 2014-06-18  3:31     ` Duncan
  2014-06-18  4:45       ` Frank Peters
  3 siblings, 1 reply; 32+ messages in thread
From: Duncan @ 2014-06-18  3:31 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters posted on Tue, 17 Jun 2014 09:04:34 -0400 as excerpted:

> The problem with all Linux distributions, and not just Gentoo, is that
> they are directed toward a multi-user, networked environment.  As a
> consequence, they exhibit security and other features that generally
> make no sense whatsoever for a single-user desktop machine that
> optionally connects externally only with an ISP through a router/modem.

> In the single-user, desktop environment, the probability of a buffer
> overflow "attack" is virtually nil, especially if one is highly
> selective about "surfing" the Internet and employing Internet software
> (which I am).

> My system is configured in a way that is quite contrary to recommended
> Linux practice (for example I run only and always as the root superuser
> and have no need for file permissions) but yet it makes perfect sense
> for my situation.
> 
> Are single desktop users that much of a minority?  I would hope not.

While I strongly disagree with your position, I equally strongly respect 
you for knowing what you want and sticking to it.  As I said earlier, 
gentoo wouldn't be gentoo if it didn't both allow such a thing and make 
it reasonably easy by exposing and automating the tools necessary to do 
such things, and that sort of individualism is /exactly/ what gentoo is 
about. =:^)

As to the disagreement, I guess I'm a single-human-user desktop system 
user too.  But I recognize the benefits of running various daemons as 
their own (non-human) user, for instance, and in fact, I've gone to some 
lengths to set up two entirely separate user accounts, a generic user
account and a sysadmin account, so I don't have to "take the name of root 
in vain" when I have my sysadmin hat on.

My normal user is deliberately quite restricted, only a very few 
restricted sudo commands available, etc.  It's the only one that runs X.  
One of the few things that user CAN do, however, is sudo (with password) 
to the admin user.

The admin user in turn has unrestricted passwordless sudo, but does NOT 
operate as root /without/ that sudo.   Running as the admin user, among 
other things I avoid live-editing a potentially damaging command (like 
rming a system file) as root -- I type the command in and initially run 
it as the unprivileged admin user.  Of course then the risky command 
fails with a permissions error, but in so doing it lets me see exactly 
what it WOULD have done (which files it would rm, etc).  If and only if 
it's the file(s) that I intended (and ONLY those files), I can quickly 
uparrow to bring the command back, hit home and add the sudo, to run the 
command for real.  But that admin user doesn't run X, nor can I su or sudo 
any X-based apps as root, from my normal X-using user.  Superuser is 
strictly limited to the commandline, and even then, I normally don't run 
a full shell as superuser, instead only executing specific commands as 
superuser using sudo.

So quite in contrast to you, I don't normally even escalate to superuser 
even when I'm doing admin tasks, except for specific commands.  But sudo 
and sudoedit (which I have aliased to simply s and se, respectively, with 
an smc for sudo mc, as another frequently used alias) are tools I use all 
the time.

Meanwhile, as rich0 already alluded to, several of the recent malware 
incidents have been propagated via otherwise legitimate ad-networks, 
placing vuln-trigger ads on otherwise legitimate and widely respected web 
sites.  If you're running ads on your favorite news site, you're 
potentially vulnerable, as that's specifically the channel of attack 
they're using these days.

Now of course I run noscript and request-policy, both set to whitelist 
mode, blacklisting all off-site scripts and all site-to-site-connections 
except those that I've specifically allowed, and I also run privoxy, so I 
don't tend to see many ads.  And I don't actually have any plugins 
registered either and DEFINITELY no servantware such as flash, another 
typical malware-injection method.

But that doesn't mean I don't appreciate stack-smashing protection and 
the like for my browser, and in fact, every time /any/ program segfaults 
or the like, I find myself quickly evaluating the chance that said 
segfault was due to a buffer overflow, what might have triggered it, the 
data I was working on at the time and where it came from, and the 
potential risk of malware injection.  So I'm certainly appreciating this 
SSP here as I appreciate the lowering of risk profile it brings! =:^)

But obviously your use-case and mine are about as contrasted as they 
could be even if we're both running single-human-user desktop systems; 
you're running as root all the time, while I try not to even run a shell 
as root.  You don't care about SSP and the like, while I definitely 
appreciate the lower risk profile and spend a significant amount of my 
time educating myself on current security issues and actively avoiding 
things that might increase my risk profile.

But as I said, I can and do still respect that.  You have every right to 
run that way if you like, and gentoo even tends to make it easier for you 
to do so. =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  3:31     ` Duncan
@ 2014-06-18  4:45       ` Frank Peters
       [not found]         ` <20140618050635.GA14626@crud>
  2014-06-18  6:49         ` Duncan
  0 siblings, 2 replies; 32+ messages in thread
From: Frank Peters @ 2014-06-18  4:45 UTC (permalink / raw
  To: gentoo-amd64

On Wed, 18 Jun 2014 03:31:30 +0000 (UTC)
Duncan <1i5t5.duncan@cox.net> wrote:

> 
> While I strongly disagree with your position, I equally strongly respect 
> you for knowing what you want and sticking to it ...
> 
> As to the disagreement, I guess I'm a single-human-user desktop system 
> user too.  But I recognize the benefits of running various daemons as 
> their own (non-human) user ...
> 
> So quite in contrast to you, I don't normally even escalate to superuser 
> even when I'm doing admin tasks ...
>

It's amazing how people become nearly apoplectic whenever they encounter
a case of a user running entirely as root.

For me it's no big deal.  I've been doing it happily, and without problem,
since 1997 (when I first discovered Linux).  It also un-complicates
things greatly.

For me there is only one user, and that's the guy who owns and operates
the machine (root). What could be simpler?

But I've learned not to discuss such behavior with others.  They will
always react in alarmist ways.

I won't even mention that, until recently, I used to boot my machine
directly into a bash shell, skipping all that SysV (or other) initialization
nonsense.  Fortunately, the Linux kernel allows one to do just that.
It always has and hopefully always will.  Booting into bash is very
simple.  All that is required is to define some environmental variables
in the bashrc and one is good to go.  All other configuration can
be done as needed (or if needed).  This is Linux at its very best, IMO.

But, as I already indicated, these things cannot be freely discussed.
People will react strongly and begin to adduce all sorts of reasons
why such behavior is dangerous.  So, for me, it is always a case of don't
talk and don't listen.

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
       [not found]         ` <20140618050635.GA14626@crud>
@ 2014-06-18  5:24           ` Frank Peters
  2014-06-18  5:37             ` Barry Schwartz
  0 siblings, 1 reply; 32+ messages in thread
From: Frank Peters @ 2014-06-18  5:24 UTC (permalink / raw
  To: gentoo-amd64

On Wed, 18 Jun 2014 00:06:35 -0500
Barry Schwartz <chemoelectric@chemoelectric.org> wrote:

> Frank Peters <frank.peters@comcast.net> wrote:
> > It's amazing how people become nearly apoplectic whenever they encounter
> > a case of a user running entirely as root.
> 
> It’s no worse than running MSDOS, and it’s
> typical practice when running from, for instance, a rescue disk. The
> main risk is accidentally deleting or overwriting things, not
> break-ins.
> 

You can completely eliminate accidental deletions or overwrites
as root by using the extended file attributes.  For example, on
an ext2/3/4 file system, the command "chattr +i files..." will
prevent all modifications, links, deletions, or overwrites to the
selected files.  The "i" attribute is the "immutable" attribute
and is very nice to have.

To delete such files just clear the "i" bit.  (I have set up
a script in Midnight Commander where I can render files
immutable or mutable with a quick keystroke.)

Frank Peters




* Re: [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  5:24           ` Frank Peters
@ 2014-06-18  5:37             ` Barry Schwartz
  0 siblings, 0 replies; 32+ messages in thread
From: Barry Schwartz @ 2014-06-18  5:37 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters <frank.peters@comcast.net> wrote:
> You can completely eliminate accidental deletions or overwrites
> as root by using the extended file attributes.  For example, on
> an ext2/3/4 file system, the command "chattr +i files..." will
> prevent all modifications, links, deletions, or overwrites to the
> selected files.  The "i" attribute is the "immutable" attribute
> and is very nice to have.

Sure. And I have extended file attributes turned on all over the
place, because I use the draft Posix ACLs in spots. Particularly for
the local repos of my Gentoo overlays.



* [gentoo-amd64] Re: Disable SPP On GCC-4.8.3
  2014-06-18  4:45       ` Frank Peters
       [not found]         ` <20140618050635.GA14626@crud>
@ 2014-06-18  6:49         ` Duncan
  1 sibling, 0 replies; 32+ messages in thread
From: Duncan @ 2014-06-18  6:49 UTC (permalink / raw
  To: gentoo-amd64

Frank Peters posted on Wed, 18 Jun 2014 00:45:35 -0400 as excerpted:

> I won't even mention that, until recently, I used to boot my machine
> directly into a bash shell, skipping all that SysV (or other)
> initialization nonsense.  Fortunately, the Linux kernel allows one to do
> just that.
> It always has and hopefully always will.  Booting into bash is very
> simple.  All that is required is to define some environmental variables
> in the bashrc and one is good to go.  All other configuration can be
> done as needed (or if needed).  This is Linux at its very best, IMO.

Now that I can definitely agree with.  I actually have a grub (grub2) 
option that adds init=/bin/bash to the kernel commandline, so I don't 
have to add it manually (at the grub CLI), and depend on it continuing to 
work as an emergency maintenance tool.

It works rather well, actually.  And I believe it's relatively common in 
the embedded world to boot directly to a dedicated shell script as init, 
particularly if they've only a few special purpose commands to run.  In 
that case it's a lot simpler and easier to maintain than a full "proper" 
init-system, and generally rather smaller, as well.

And FWIW I've seen people do single-purpose LiveISOs that boot directly 
into a game or movie player or whatever, too.  Certainly to one coming 
from the MS world it can seem really quite amazing how flexible Linux is 
in this regard. 

Meanwhile, many initr* setups do pretty much exactly that as well, 
booting to a big shell script that runs udev and otherwise sets up the 
initr* emergency platform in case the main root doesn't mount, before 
mounting the main root and doing a pivot-root into it as it hands off to 
the main root init.

And booting direct to a bash shell prompt as init makes a lot of sense in 
other cases where the needed setup is simple enough that a "proper" init 
doesn't make sense, too.

While my main system here is running enough daemons and etc, plus I 
actually make use of systemd's ability to babysit and restart services, 
that replacing it all with a big shell script would be brittle and 
complex to maintain in comparison to actually using an init system 
properly designed for that purpose, IIRC my router (running openwrt, tho 
it's an old installation that I need to update one of these days) 
actually boots to a shell script as init, and it really does make a lot 
of sense at that level.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman


