From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <13cc2f78040922194155a2d7ab@mail.gmail.com>
Date: Wed, 22 Sep 2004 22:41:32 -0400
From: Colin Kingsley <ckingsley@gmail.com>
Reply-To: Colin Kingsley <ckingsley@gmail.com>
To: gentoo-dev@lists.gentoo.org
In-Reply-To: <20040923030852.72a2d02c@snowdrop.home>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <4151A04F.5090304@comcast.net>
	 <20040922170424.26f1253b@snowdrop.home> <4151EB12.9010504@comcast.net>
	 <1095898314.5905.2889.camel@simple>
	 <20040923012718.09149bab@snowdrop.home>
	 <1095905014.8317.2990.camel@simple>
	 <20040923030852.72a2d02c@snowdrop.home>
Subject: Re: [gentoo-dev] Stack smash protected daemons

On Thu, 23 Sep 2004 03:08:52 +0100, Ciaran McCreesh <ciaranm@gentoo.org> wrote:

> The hack is in trying to get the compiler to make broken code safe,
> rather than properly auditing code. SSP does not fix broken code, it's
> just duct tape.

If you want to start auditing code yourself, and turn Gentoo into
something like OpenBSD (which I'm not saying is a bad thing) then go
right ahead. Until then, -fstack-protector sounds like a good bet.
Furthermore, those "benchmarks" you included regarding vim would be
totally irrelevant if the FEATURES="autossp" were implemented, because
then only the at-risk packages (net daemons) would be affected.

Colin

--
gentoo-dev@gentoo.org mailing list