From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id DF00C138247 for ; Thu, 9 Jan 2014 21:57:19 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 96E40E0D56; Thu, 9 Jan 2014 21:57:14 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A4AA2E0B1F for ; Thu, 9 Jan 2014 21:57:13 +0000 (UTC) Received: from [192.168.1.33] (142.Red-2-137-47.dynamicIP.rima-tde.net [2.137.47.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: pacho) by smtp.gentoo.org (Postfix) with ESMTPSA id 52B3233F701 for ; Thu, 9 Jan 2014 21:57:12 +0000 (UTC) Message-ID: <1389304629.424.44.camel@belkin5> Subject: Re: [gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes. From: Pacho Ramos To: gentoo-dev@lists.gentoo.org Date: Thu, 09 Jan 2014 22:57:09 +0100 In-Reply-To: <7554031.Sacz2dxc8i@laptop1.gw.ume.nu> References: <7554031.Sacz2dxc8i@laptop1.gw.ume.nu> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.8.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 2470caea-f55b-4e47-99ba-5aad77906ce2 X-Archives-Hash: a6f8988123172d672d037f2451a40953 El jue, 09-01-2014 a las 21:58 +0100, Magnus Granberg escribió: > Hi > > Some time ago we discussed that we should enable stack smashing > (-fstack-protector) by default. So we opened a bug to track this [1]. > The affected Gcc version will be 4.8.2 and newer. Only amd64, x86, mips, ppc, > ppc64 and arm will be affected by this change. > > You can turn off ssp by using the nossp USE flag or by adding > -fno-stack-protector to the CFLAGS and/or CXXFLAGS. We are using the same > patch as Debian/Ubuntu but with some Gentoo fixes. > > The patch will move the sed for the HARD_CFLAGS, ALLCFLAGS and > ALLCXXFLAGS from do_gcc_PIE_patches() to make_gcc_hard(). We will > make_gcc_hard() the default for all Gcc versions 4.8 and newer, and turn > it on or off with hardened_gcc_works() that will make some sanity checks. > > /Magnus What are the advantages of disabling SSP to deserve that "special" handling via USE flag or easily disabling it appending the flag? Thanks a lot for the info :)