On Thu, 23 Sep 2004 16:05:13 +0200 Thierry Carrez wrote:
| SSP is very useful, and it should be used on all executables on a
| given machine. I don't think we should only use it to protect daemons
| and SUID programs, since a lot of buffer overflows are discovered in
| client software and they are also a way of remotely compromising a
| machine. If you protect only exposed services, attackers will turn to
| passive attacks, like virus images, to always exploit the weakest
| link.

Ok, so what you're basically saying is that you want a variable which
enables -fstack-protector for any c executable at a global level. I'd
like to propose a variable called 'CFLAGS' which can be set in make.conf
for that kind of thing.

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm