From: Ciaran McCreesh <ciaranm@gentoo.org>
To: solar@gentoo.org
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Stack smash protected daemons
Date: Thu, 23 Sep 2004 21:35:35 +0100 [thread overview]
Message-ID: <20040923213535.0d899b28@snowdrop.home> (raw)
In-Reply-To: <1095971292.28392.55.camel@simple>
[-- Attachment #1: Type: text/plain, Size: 1079 bytes --]
On Thu, 23 Sep 2004 16:28:13 -0400 Ned Ludd <solar@gentoo.org> wrote:
| But the disadvantage here is that we have to explicitly add said USE
| flag to the profiles (which you know a certain somebody might come
| right in and disable it) unless we rename said flag/feature (cuz you
| don't want "no"flags) to something like USE=idiot then the logic in
| ebuilds could work as. use idiot || append-flags -fstack-protector
| Or perhaps even following in the footsteps of x11-base/xorg which has
| "insecure-drivers" but maybe using the name "insecure-cflags"
They're not 'insecure' CFLAGS. Adding -fstack-protector does not make
your code "more secure". It means that if you have insecure code, you
may or may not suffer reduced consequences if someone tries to do nasty
things to your box.
Also, make sure it's a "use foo &&" style flag, otherwise it can't be
masked where necessary. "use foo ||" things break use.mask.
--
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail : ciaranm at gentoo.org
Web : http://dev.gentoo.org/~ciaranm
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2004-09-23 20:38 UTC|newest]
Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-22 15:54 [gentoo-dev] Stack smash protected daemons John Richard Moser
2004-09-22 16:04 ` Ciaran McCreesh
2004-09-22 17:06 ` Elfyn McBratney
2004-09-22 17:30 ` Marius Mauch
2004-09-22 21:13 ` John Richard Moser
2004-09-23 0:11 ` Ned Ludd
2004-09-23 0:27 ` Ciaran McCreesh
2004-09-23 0:38 ` Mike Frysinger
2004-09-23 0:42 ` Ciaran McCreesh
2004-09-23 2:40 ` Mike Frysinger
2004-09-23 14:47 ` Marius Mauch
2004-09-23 19:03 ` Mike Frysinger
2004-09-23 20:28 ` Ned Ludd
2004-09-23 20:35 ` Ciaran McCreesh [this message]
2004-09-23 20:53 ` Ned Ludd
2004-09-23 21:11 ` Ciaran McCreesh
2004-09-23 1:40 ` John Richard Moser
2004-09-23 1:55 ` Ciaran McCreesh
2004-09-23 2:24 ` John Richard Moser
2004-09-23 1:48 ` Dave Monnier
2004-09-23 2:03 ` Ned Ludd
2004-09-23 2:08 ` Ciaran McCreesh
2004-09-23 2:25 ` John Richard Moser
2004-09-23 2:34 ` Ned Ludd
2004-09-23 3:12 ` Mike Frysinger
2004-09-23 2:41 ` Colin Kingsley
2004-09-23 2:47 ` Mike Frysinger
2004-09-23 23:29 ` Daniel Goller
2004-09-24 0:28 ` Jason Stubbs
2004-09-25 16:32 ` Bart Lauwers
2004-09-23 1:41 ` Christian Birchinger
2004-09-23 23:27 ` Daniel Goller
2004-09-23 23:27 ` Ciaran McCreesh
2004-09-22 16:48 ` Rumen Yotov
2004-09-22 17:59 ` Lance Albertson
2004-09-22 21:35 ` John Richard Moser
2004-09-22 21:53 ` Mike Frysinger
2004-09-22 23:49 ` Ned Ludd
2004-09-22 23:17 ` Donnie Berkholz
2004-09-23 0:26 ` Mike Frysinger
2004-09-23 0:37 ` Marius Mauch
2004-09-23 1:51 ` John Richard Moser
2004-09-23 2:44 ` Mike Frysinger
2004-09-23 14:55 ` Marius Mauch
2004-09-23 20:10 ` Paul de Vrieze
2004-09-24 0:41 ` Jason Stubbs
2004-09-24 0:46 ` Jason Stubbs
2004-09-24 0:52 ` John Richard Moser
2004-09-24 1:55 ` Marius Mauch
2004-09-23 4:01 ` John Richard Moser
2004-09-23 4:06 ` John Richard Moser
2004-09-23 5:26 ` Ned Ludd
2004-09-23 5:32 ` Mike Frysinger
2004-09-23 8:31 ` [gentoo-dev] " Thierry Carrez
2004-09-23 14:05 ` Thierry Carrez
2004-09-23 16:27 ` Ciaran McCreesh
2004-09-23 17:45 ` John Richard Moser
2004-09-24 3:21 ` John Richard Moser
2004-09-24 6:02 ` Ned Ludd
2004-09-24 6:34 ` Colin Kingsley
2004-09-24 6:34 ` John Richard Moser
2004-09-24 7:23 ` Colin Kingsley
2004-09-24 11:41 ` Ciaran McCreesh
2004-09-24 12:42 ` Spider
2004-09-24 13:03 ` Colin Kingsley
2004-09-24 13:10 ` Ciaran McCreesh
2004-09-24 15:48 ` John Richard Moser
2004-09-24 19:00 ` Paul de Vrieze
2004-09-25 1:19 ` [gentoo-dev] " Duncan
2004-09-25 3:04 ` John Richard Moser
2004-09-25 10:55 ` [gentoo-dev] " Duncan
2004-09-23 17:27 ` [gentoo-dev] Re: [gentoo-security] " John Richard Moser
2004-09-25 17:26 ` [gentoo-dev] " Bart Lauwers
2004-09-25 17:35 ` Ciaran McCreesh
2004-09-25 21:42 ` Bart Lauwers
2004-09-25 22:29 ` Ciaran McCreesh
2004-09-25 23:46 ` Bart Lauwers
2004-09-25 23:54 ` Ciaran McCreesh
2004-09-27 8:02 ` Thierry Carrez
2004-09-26 0:18 ` Stephen P. Becker
2004-09-26 1:22 ` Jason Stubbs
2004-09-25 17:43 ` Rumen Yotov
2004-09-26 0:58 ` Jason Wever
2004-09-26 6:14 ` John Richard Moser
2004-09-26 13:04 ` Ciaran McCreesh
2004-09-26 16:22 ` John Richard Moser
2004-09-26 16:23 ` Ciaran McCreesh
2004-09-26 15:52 ` Stephen P. Becker
2004-09-26 16:18 ` John Richard Moser
2004-09-26 16:22 ` Ciaran McCreesh
2004-09-26 16:29 ` Stephen P. Becker
2004-09-26 16:11 ` Jason Wever
2004-09-26 16:41 ` John Richard Moser
2004-09-26 17:25 ` [gentoo-dev] Stack smash protected daemons [blah] Kumba
2004-09-26 6:39 ` [gentoo-dev] Stack smash protected daemons Rumen Yotov
2004-09-26 10:14 ` Colin Kingsley
2004-09-26 18:36 ` Jon Portnoy
2004-09-26 18:39 ` John Richard Moser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040923213535.0d899b28@snowdrop.home \
--to=ciaranm@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
--cc=solar@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox