Re: [gentoo-dev] Improve the security of the default profile

[Tom Wijsman <TomWij@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1158 bytes --]

On Thu, 05 Sep 2013 12:13:28 +0200
Agostino Sarubbo <ago@gentoo.org> wrote:

> Hello,
> 
> during an irc debate, me and other people just noticed that the
> default profile could use more flags to enhance the security.
> 
> An hint is here:
> https://wiki.ubuntu.com/ToolChain/CompilerFlags
> 
> Please argue about what we _don't_ use.
> 
> Note: please CC me in your response.

What I wonder about here is at which cost this does come, when looking
at the fstack-protector then I see that it "emits extra code"; so, now
the question is what kind of overhead this causes.

I am pretty sure security might not be that important on a real time
system that perhaps isn't connected to the internet; so, besides making
it the default, we might want to introduce the necessary means to turn
it off again, by the very least perhaps documentation would suffice.

Do you intend to discuss that flag or more generally any security flag?

-- 
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : TomWij@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2  ABF0 95B2 1FCD 6D34 E57D

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]