To: gentoo-dev@lists.gentoo.org
From: Martin Vaeth
Subject: [gentoo-dev] Re: Improve the security of the default profile
Date: Mon, 9 Sep 2013 12:11:14 +0000 (UTC)

Ryan Hill wrote:
>
> You will be expected to fix them, and `append-flags
> -fno-stack-protector` is not an acceptable fix.

I guess there might be some projects with special assembler code
where this is the only possibility.

For your information, I attach my list of packages (of about
1400 installed ones) for which I had seen a reason to exclude
them from -fstack-protector.
The reasons why they are in the list, I forgot long ago;
might be failure of some version with ARCH=x86 or ARCH=amd64
or just carefulness like for grub:

app-emulation/wine
dev-libs/klibc
media-gfx/splashutils
sys-apps/texinfo
sys-apps/v86d
sys-boot/grub
sys-devel/llvm

In addition also:

sys-libs/glibc
sys-devel/gcc

(for the latter, I found an old note that
www-plugins/nspluginwrapper failed on amd64 if gcc itself
was compiled with -fstack-protector; I guessed some multilib
issue but never examined).