From mboxrd@z Thu Jan  1 00:00:00 1970
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
Date: Thu, 23 Sep 2004 17:27:35 +0100
From: Ciaran McCreesh <ciaranm@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Message-ID: <20040923172735.3f7494df@snowdrop.home>
In-Reply-To: <4152D819.4070205@gentoo.org>
References: <4151A04F.5090304@comcast.net>
	<41524A85.1020402@comcast.net>
	<1095917198.29656.64.camel@simple>
	<415289CF.7070708@gentoo.org>
	<4152D819.4070205@gentoo.org>
X-Mailer: Sylpheed-Claws 0.9.12a (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1";
 boundary="Signature=_Thu__23_Sep_2004_17_27_36_+0100_Z9emewj38n7Tumyi"
Subject: Re: [gentoo-dev] Re: Stack smash protected daemons

--Signature=_Thu__23_Sep_2004_17_27_36_+0100_Z9emewj38n7Tumyi
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Thu, 23 Sep 2004 16:05:13 +0200 Thierry Carrez <koon@gentoo.org>
wrote:
| SSP is very useful, and it should be used on all executables on a
| given machine. I don't think we should only use it to protect daemons
| and SUID programs, since a lot of buffer overflows are discovered in
| client software and they are also a way of remotely compromising a
| machine. If you protect only exposed services, attackers will turn to
| passive attacks, like virus images, to always exploit the weakest
| link.

Ok, so what you're basically saying is that you want a variable which
enables -fstack-protector for any C executable at a global level. I'd
like to propose a variable called 'CFLAGS' which can be set in make.conf
for that kind of thing.

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm


--Signature=_Thu__23_Sep_2004_17_27_36_+0100_Z9emewj38n7Tumyi--