From: Tom Wijsman
To: gentoo-dev@lists.gentoo.org
Cc: ago@gentoo.org, toolchain@gentoo.org
Date: Thu, 5 Sep 2013 13:09:00 +0200
Subject: Re: [gentoo-dev] Improve the security of the default profile
Message-ID: <20130905130900.09aa5847@TOMWIJ-GENTOO>
In-Reply-To: <2801841.odtaY24SdY@devil>

On Thu, 05 Sep 2013 12:54:27 +0200
Agostino Sarubbo wrote:

> On Thursday 05 September 2013 12:47:01 Tom Wijsman wrote:
> > What I wonder about here is at which cost this does come, when
> > looking at the fstack-protector then I see that it "emits extra
> > code"; so, now the question is what kind of overhead this causes.
>
> We use -fstack-protector-all in the hardened profile, so it is not
> unknown at all.
>
> > I am pretty sure security might not be that important on a real time
> > system that perhaps isn't connected to the internet; so, besides
> > making it the default, we might want to introduce the necessary
> > means to turn it off again, by the very least perhaps documentation
> > would suffice.
> >
> > Do you intend to discuss that flag or more generally any security
> > flag?
>
> I just want to point out the thread because other people will have
> something to say about.

Yes, I am aware of that, I am not saying it is unknown; but I am
wondering about those questions:

What kind of overhead does this cause?

Do you intend to discuss that flag or more generally any security
flag?

--
With kind regards,

Tom Wijsman (TomWij)
Gentoo Developer

E-mail address  : TomWij@gentoo.org
GPG Public Key  : 6D34E57D
GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D