From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <41530BAD.5040100@comcast.net>
Date: Thu, 23 Sep 2004 13:45:17 -0400
From: John Richard Moser <nigelenki@comcast.net>
User-Agent: Mozilla Thunderbird 0.7.3 (X11/20040916)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ciaran McCreesh <ciaranm@gentoo.org>
CC:  gentoo-dev@lists.gentoo.org
References: <4151A04F.5090304@comcast.net>	<41524A85.1020402@comcast.net>	<1095917198.29656.64.camel@simple>	<415289CF.7070708@gentoo.org>	<4152D819.4070205@gentoo.org> <20040923172735.3f7494df@snowdrop.home>
In-Reply-To: <20040923172735.3f7494df@snowdrop.home>
X-Enigmail-Version: 0.85.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [gentoo-dev] Re: Stack smash protected daemons

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Ciaran McCreesh wrote:
| On Thu, 23 Sep 2004 16:05:13 +0200 Thierry Carrez <koon@gentoo.org>
| wrote:
| | SSP is very useful, and it should be used on all executables on a
| | given machine. I don't think we should only use it to protect daemons
| | and SUID programs, since a lot of buffer overflows are discovered in
| | client software and they are also a way of remotely compromising a
| | machine. If you protect only exposed services, attackers will turn to
| | passive attacks, like virus images, to always exploit the weakest
| | link.
|
| Ok, so what you're basically saying is that you want a variable which
| enables -fstack-protector for any c executable at a global level. I'd
| like to propose a variable called 'CFLAGS' which can be set in make.conf
| for that kind of thing.
|


http://article.gmane.org/gmane.linux.gentoo.devel/21481

# CPU types supported in gcc-2.95*: k6, i386, i486, i586 (Pentium), i686
# (Pentium Pro), pentium, pentiumpro Gentoo Linux 1.2 and below use
# gcc-2.95*
#
# The security conscious could add -fstack-protector to CFLAGS as well,
# for some added security (see SSPDAEMONS below for FEATURES).  This
# should be safe; if something breaks, bug bugs.gentoo.org
#
# Decent examples:

I'll repeat myself this once... and yes I'd prefer users to stick it
in CFLAGS.
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBUwurhDd4aOud5P8RAuT/AJ9U4Ax7anRWduyLd4z87zw1VvWQUgCgkYQW
8HC0c1JDRSVp3jg4bAROSZs=
=k14w
-----END PGP SIGNATURE-----

--
gentoo-dev@gentoo.org mailing list
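
Added example, not part of the original message or of Gentoo's tooling: with -fstack-protector set globally in CFLAGS as the thread discusses, this audit reports which ELF files in a directory actually reference the stack-protector runtime. It assumes binutils' readelf is installed; the function names are hypothetical, `__stack_chk_fail` is the handler symbol emitted by mainline GCC, and `__stack_smash_handler` is the one used by the older SSP patch.

```shell
#!/bin/sh
# Audit ELF files for evidence of -fstack-protector (added example).
# Assumption: a protected function calls one of the handler symbols below
# when its canary is corrupted, so the symbol shows up in the symbol table.

# has_ssp_symbol: read a symbol listing (readelf -sW or nm output) on stdin;
# succeed if it names a stack-protector failure handler as a whole symbol.
has_ssp_symbol() {
    grep -Eq '(^|[[:space:]])(__stack_chk_fail(_local)?|__stack_smash_handler)(@|[[:space:]]|$)'
}

# classify FILE: print "ssp", "no-ssp" or "not-elf".
# "no-ssp" means "no evidence": the compiler only instruments functions
# that have vulnerable buffers, and stripped static binaries carry no
# symbols, so a clean build of a small tool can legitimately land here.
classify() {
    f=$1
    # The first four bytes of an ELF file are 0x7f 'E' 'L' 'F'.
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo not-elf; return 0; }
    if readelf -sW "$f" 2>/dev/null | has_ssp_symbol; then
        echo ssp
    else
        echo no-ssp
    fi
}

# audit_dir DIR: one "status<TAB>path" line per regular file in DIR.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(classify "$f")" "$f"
    done
}

# Typical use (not run automatically):
#   audit_dir /usr/sbin | sort
#   audit_dir /usr/bin  | grep '^no-ssp'
```

Running it over client programs as well as daemons shows whether the global CFLAGS setting reached both, which is the coverage question raised in the quoted text.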