From: Daniel Goller
Date: Thu, 23 Sep 2004 18:27:44 -0500
To: Ciaran McCreesh
CC: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Stack smash protected daemons
Message-ID: <41535BF0.2090601@gentoo.org>
In-Reply-To: <20040922170424.26f1253b@snowdrop.home>

Ciaran McCreesh wrote:

>On Wed, 22 Sep 2004 11:54:55 -0400 John Richard Moser
> wrote:
>| I believe it would be a good idea to have such a FEATURES or USE flag
>| on by default in all profiles where SSP is supported. In this manner,
>| the major targets of security attacks would automatically be
>| protected; while still allowing the user to disable the protection if
>| the user desires. Users wanting more protection can simply add
>| -fstack-protector to CFLAGS, or use Hardened Gentoo.
>
>Personally, I don't see the point in an ugly hack which occasionally
>sort of protects you from badly written code... The option's there for
>anyone who really wants it, but we tend more towards a "turn most things
>off unless the user asks for them" approach, hence the relatively low
>number of things turned on in the default USE settings.
>
>
>
So basically you are saying instead of doing something you can do now,
you would prefer to sit back and complain about what is wrong with xyz.
Are you ever *for* something (that isn't vim or fluxbox?) You always
seem to have a "but..." in store for everything other people seem to
bring up.

Use something that protects people now and help get your ideal solution
done while having the bandaid in place. Why leave a wound open till it
is a festering boil if you could have washed your hands and put a
bandaid on?

>| Any comments? Would this be more suitable as a USE or a FEATURES
>| setting?
>
>FEATURES, not USE.
>
>
>

--
gentoo-dev@gentoo.org mailing list