From: Ciaran McCreesh <ciaranm@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Date: Wed, 22 Sep 2004 17:04:24 +0100
Subject: Re: [gentoo-dev] Stack smash protected daemons
Message-ID: <20040922170424.26f1253b@snowdrop.home>
In-Reply-To: <4151A04F.5090304@comcast.net>

On Wed, 22 Sep 2004 11:54:55 -0400 John Richard Moser
<nigelenki@comcast.net> wrote:
| I believe it would be a good idea to have such a FEATURES or USE flag
| on by default in all profiles where SSP is supported. In this manner,
| the major targets of security attacks would automatically be
| protected; while still allowing the user to disable the protection if
| the user desires. Users wanting more protection can simply add
| -fstack-protector to CFLAGS, or use Hardened Gentoo.

Personally, I don't see the point in an ugly hack which occasionally
sort of protects you from badly written code... The option's there for
anyone who really wants it, but we tend more towards a "turn most things
off unless the user asks for them" approach, hence the relatively low
number of things turned on in the default USE settings.

| Any comments? Would this be more suitable as a USE or a FEATURES
| setting?

FEATURES, not USE.

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm