From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 8461F138247 for ; Thu, 9 Jan 2014 23:13:25 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3A0C4E0A5C; Thu, 9 Jan 2014 23:13:19 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 41E63E09B0 for ; Thu, 9 Jan 2014 23:13:18 +0000 (UTC) Received: from [192.168.1.17] (pool-72-95-221-222.pitbpa.fios.verizon.net [72.95.221.222]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: zerochaos) by smtp.gentoo.org (Postfix) with ESMTPSA id F2E9B33EE6E for ; Thu, 9 Jan 2014 23:13:16 +0000 (UTC) Message-ID: <52CF2D1D.10709@gentoo.org> Date: Thu, 09 Jan 2014 18:13:33 -0500 From: "Rick \"Zero_Chaos\" Farina" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [PATCH] To enable ssp default in Gcc the toolchain.eclass need some changes. References: <7554031.Sacz2dxc8i@laptop1.gw.ume.nu> <1389304629.424.44.camel@belkin5> <52CF1D7C.4030700@gentoo.org> <20140109232116.398080f1@gentoo.org> <52CF2A4D.5000703@gentoo.org> In-Reply-To: <52CF2A4D.5000703@gentoo.org> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: fe0453c5-8225-4d11-b0e4-eafff18de6b4 X-Archives-Hash: 77e539f16a2d4f72f2a8bcf39c842ebb -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/09/2014 06:01 PM, Anthony G. Basile wrote: > On 01/09/2014 05:21 PM, Michał Górny wrote: >> Dnia 2014-01-09, o godz. 17:06:52 >> "Anthony G. Basile" napisał(a): >> >>> On 01/09/2014 04:57 PM, Pacho Ramos wrote: >>>> What are the advantages of disabling SSP to deserve that "special" >>>> handling via USE flag or easily disabling it appending the flag? >>> There are some cases where ssp could break things. I know of once case >>> right now, but its somewhat exotic. Also, sometimes we *want* to break >>> things for testing. I'm thinking here of instance where we want to test >>> a pax hardened kernel to see if it catches abuses of memory which would >>> otherwise be caught by executables emitted from a hardened toolchain. >>> Take a look at the app-admin/paxtest suite. >> Just to be clear, are we talking about potential system-wide breakage >> or single, specific packages being broken by SSP? In other words, are >> there cases when people will really want to disable SSP completely? >> >> Unless I'm misunderstanding something, your examples sound like you >> just want -fno-stack-protector per-package. I don't really think you >> actually want to rebuild whole gcc just to do some testing on a single >> package... >> > Correct, you'd only want to turn off ssp per package and then only in > rare cases. You should never have to rebuild gcc for this. With ssp on > by default, gcc specs would add -fstack-protector to all builds. If you > don't want a package build with ssp, then just do > CFLAGS="-fno-stack-protector" and you're building without ssp. > This reads very much like "the nossp use flag is useless". Not that Zorry needs to fix that (preexisting and all that) but it sounds to me like it's safe to remove these types of use flags from toolchain. I'm really interested in dirtyepic's opinion though... sir? Thanks, Zero -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSzy0dAAoJEKXdFCfdEflKZJEP/3P/Gq3sD6aB9XDcsLxUAVqC vg10PuwhmNpJK6HiYO2F/C5TNv3J+hpkiYPDMgjChOTw+JvqGCeIYYKvKuumtIXV fjnHDW9IRD8BGHlNFF9xx3sGV9VMPYDNICkK3oeNQJPlZOVSbnVEWsaTju/CEA7e tMkeA93ULed9pSzSZ3OBAIwLH906Kh8hO+o/gcJDyBa9/tJrXKfS+jtd6zTMbVtO 8ruLjRUDTsYwt61uMFhV7R/eWlSagGIFDGbxop0JyhTZaB+zxvbm8wzmZck4Tc2J HFO4A289zFBVZESaDA4SHAYJHQTSMND1fzAB8X4sPEwNebmLwOinneuA7XYVRsHW svu/I3tUPjNTKimTSmjMySi7f+3QDYLIxQ8UY0PUCPKjdlNZMQruqCR52lTsjy8F n0EpLMqodD61B+aCkkBpdrt1sx/BJ4AISq8R51yiJecujPoSk1oj5gG1aFOPK/mG BIQqLL1c6TvbB4ECLVMh6YAfxRKcyCT8tlMZqu2rTRqtxQ+YlUnxwvIQV7ivQ5sL M8eC/HjVjd0In9v5GVxePa3NFfwwuswnFipi2mivniajmZYi8M8avSVLpv54Kvi0 cAysdf/FP4WA+iVCd5J+MKGygKKSmbyYZ9IHyE4yCyCNK+0+ZZcFm9YNy9nx8rAJ 4ctTVxoCTtA+B9p3MBnL =6a0w -----END PGP SIGNATURE-----