From: "Hanno Böck" <hanno@gentoo.org>
To: Matthias Maier <tamiko@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"
Date: Tue, 9 May 2017 23:18:20 +0200 [thread overview]
Message-ID: <20170509231820.6228c56f@pc1> (raw)
In-Reply-To: <87k25p92d3.fsf@kestrel.kyomu.43-1.org>
Hi,
On Tue, 09 May 2017 15:55:36 -0500
Matthias Maier <tamiko@gentoo.org> wrote:
> Well, Alexis certainly makes a strong point. Breaking installed static
> archives by changing a use flag shouldn't be as easy as changing a
> useflag. So we might simply use.force the pie use flag depending on
> hardened/non-hardened profiles.
While I understand that enabling pie requires some more planning to
avoid breakage, I hope this is not the final solution we aim for. I
really think it's about time that pie becomes the default in Gentoo.
pie is required for working ASLR, which almost every other OS out there
has these days. In recent years also Fedora, Ubuntu and lately Debian
switched it on by default. I really think this should be a default
security setting, not something that only lives in hardened.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
next prev parent reply other threads:[~2017-05-09 21:18 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-09 17:26 [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp" Matthias Maier
2017-05-09 20:10 ` Alexis Ballier
2017-05-09 20:27 ` Mike Gilbert
2017-05-10 12:53 ` Chí-Thanh Christopher Nguyễn
2017-05-09 20:55 ` Matthias Maier
2017-05-09 20:59 ` [gentoo-dev] [PATCH] profiles: Mask pie useflag for >=sys-devel/gcc-6 Matthias Maier
2017-05-09 21:18 ` Hanno Böck [this message]
2017-05-09 22:47 ` [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp" Alexis Ballier
2017-05-09 23:13 ` Matthias Maier
2017-05-10 7:34 ` Alexis Ballier
2017-05-09 23:40 ` Andreas K. Huettel
2017-05-10 7:24 ` Alexis Ballier
2017-05-10 7:28 ` [gentoo-dev] " Martin Vaeth
2017-05-10 13:20 ` Matthias Maier
2017-05-10 13:31 ` James Le Cuirot
2017-05-10 13:35 ` Andreas K. Huettel
2017-05-10 13:38 ` Kristian Fiskerstrand
2017-05-10 15:26 ` Hanno Böck
2017-05-11 9:55 ` Martin Vaeth
2017-05-10 20:31 ` Luis Ressel
2017-05-11 18:37 ` Martin Vaeth
2017-05-09 23:44 ` [gentoo-dev] " Andreas K. Huettel
2017-05-10 5:07 ` Jason Zaman
2017-05-10 5:58 ` Matthias Maier
2017-05-10 7:23 ` Alexis Ballier
2017-05-10 9:31 ` Kent Fredric
2017-05-09 23:58 ` [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2 Matthias Maier
2017-05-10 7:52 ` Alexis Ballier
2017-05-10 9:19 ` Kristian Fiskerstrand
2017-05-10 11:58 ` Dirkjan Ochtman
2017-05-10 13:29 ` New profiles for default-pie transition (was: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2) Andreas K. Huettel
2017-05-10 13:42 ` [gentoo-dev] Re: New profiles for default-pie transition Kristian Fiskerstrand
2017-05-10 14:24 ` Alexis Ballier
2017-05-10 13:49 ` Matthias Maier
2017-05-10 15:32 ` New profiles for default-pie transition (was: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2) Hanno Böck
2017-05-10 16:07 ` [gentoo-dev] Re: New profiles for default-pie transition Matthias Maier
2017-05-11 23:39 ` [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2 Walter Dnes
2017-05-12 0:19 ` Matthias Maier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170509231820.6228c56f@pc1 \
--to=hanno@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
--cc=tamiko@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox