From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-15989-arch-gentoo-dev=gentoo.org@lists.gentoo.org>
Received: (qmail 15142 invoked from network); 23 Sep 2004 20:38:57 +0000
Received: from smtp.gentoo.org (156.56.111.197)
  by lists.gentoo.org with AES256-SHA encrypted SMTP; 23 Sep 2004 20:38:57 +0000
Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org)
	by smtp.gentoo.org with esmtp (Exim 4.41)
	id 1CAaMi-00063x-Mb
	for arch-gentoo-dev@lists.gentoo.org; Thu, 23 Sep 2004 20:38:56 +0000
Received: (qmail 26154 invoked by uid 89); 23 Sep 2004 20:38:56 +0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 22892 invoked from network); 23 Sep 2004 20:38:55 +0000
Date: Thu, 23 Sep 2004 21:35:35 +0100
From: Ciaran McCreesh <ciaranm@gentoo.org>
To: solar@gentoo.org
Cc: gentoo-dev@lists.gentoo.org
Message-ID: <20040923213535.0d899b28@snowdrop.home>
In-Reply-To: <1095971292.28392.55.camel@simple>
References: <4151A04F.5090304@comcast.net>
	<200409222240.15226.vapier@gentoo.org>
	<20040923164736.657b489d@andy.genone.homeip.net>
	<200409231503.18064.vapier@gentoo.org>
	<1095971292.28392.55.camel@simple>
X-Mailer: Sylpheed-Claws 0.9.12a (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1";
 boundary="Signature=_Thu__23_Sep_2004_21_35_35_+0100_YFfTXOAnowstyu2h"
Subject: Re: [gentoo-dev] Stack smash protected daemons
X-Archives-Salt: b0746470-b6b7-43fa-8c3d-7c78332a83d4
X-Archives-Hash: 13b77dc0b72573a3ec11bd7d8d5f793b

--Signature=_Thu__23_Sep_2004_21_35_35_+0100_YFfTXOAnowstyu2h
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

On Thu, 23 Sep 2004 16:28:13 -0400 Ned Ludd <solar@gentoo.org> wrote:
| But the disadvantage here is that we have to explicitly add said USE
| flag to the profiles (which you know a certain somebody might come
| right in and disable it) unless we rename said flag/feature (cuz you
| don't want "no"flags) to something like USE=idiot then the logic in
| ebuilds could work as. use idiot || append-flags -fstack-protector 
| Or perhaps even following in the footsteps of x11-base/xorg which has
| "insecure-drivers" but maybe using the name "insecure-cflags"

They're not 'insecure' CFLAGS. Adding -fstack-protector does not make
your code "more secure". It means that if you have insecure code, you
may or may not suffer reduced consequences if someone tries to do nasty
things to your box.

Also, make sure it's a "use foo &&" style flag, otherwise it can't be
masked where necessary. "use foo ||" things break use.mask.

-- 
Ciaran McCreesh : Gentoo Developer (Sparc, MIPS, Vim, Fluxbox)
Mail            : ciaranm at gentoo.org
Web             : http://dev.gentoo.org/~ciaranm


--Signature=_Thu__23_Sep_2004_21_35_35_+0100_YFfTXOAnowstyu2h
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBUzOZ96zL6DUtXhERAhPVAKCS8djJSct/QiKR4KHNdZbbLy08+wCePruQ
//fWEC0oHYZ3sLS78TeyCfQ=
=TxHi
-----END PGP SIGNATURE-----

--Signature=_Thu__23_Sep_2004_21_35_35_+0100_YFfTXOAnowstyu2h--
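
Added example, not part of the original message or of Portage: a small sh model of the point about "use foo &&" versus "use foo ||" and use.mask. The functions use, append_flags and has_word are simplified stand-ins written for this illustration, the flag names ssp and nossp are hypothetical, and it assumes a masked flag always evaluates as disabled.

```shell
#!/bin/sh
# Simplified stand-ins for Portage's `use` and `append-flags` helpers.
# Assumption: a flag listed in USE_MASK (modelling use.mask) is always off.
USE=""          # flags the user enabled
USE_MASK=""     # flags the profile masked
CFLAGS="-O2"

has_word() {    # has_word WORD LIST...
    needle=$1; shift
    for w in "$@"; do [ "$w" = "$needle" ] && return 0; done
    return 1
}

use() {         # true only if the flag is enabled and not masked
    has_word "$1" $USE_MASK && return 1
    has_word "$1" $USE
}

append_flags() { CFLAGS="$CFLAGS $*"; }

# "use foo &&" style: the hypothetical flag ssp switches the protection on.
cflags_opt_in() {       # args: USE USE_MASK
    USE=$1; USE_MASK=$2; CFLAGS="-O2"
    use ssp && append_flags -fstack-protector
    echo "$CFLAGS"
}

# "use foo ||" style: the hypothetical flag nossp switches the protection off.
cflags_opt_out() {      # args: USE USE_MASK
    USE=$1; USE_MASK=$2; CFLAGS="-O2"
    use nossp || append_flags -fstack-protector
    echo "$CFLAGS"
}

# Constructed scenario: a profile that must keep -fstack-protector out.
echo "opt-in,  flag masked: $(cflags_opt_in ssp ssp)"
echo "opt-out, flag masked: $(cflags_opt_out nossp nossp)"
```

In the opt-in form, masking the flag keeps -fstack-protector out of CFLAGS even when the user enabled it. In the opt-out form, masking the flag forces the option in, so the mask cannot be used to keep it out.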