From: Kerin Millar
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] GCC4 (again...)
Date: Fri, 26 Jun 2009 02:43:06 +0100
Message-ID: <279fbba40906251843j13279b91y3ea7165f2c2b8fed@mail.gmail.com>
In-Reply-To: <4A442047.3000409@wildgooses.com>

2009/6/26 Ed W:

[snip]

> However, to be clear I think this achieves a PIE install with no SSP? Can
> anyone confirm this is correct?

That's correct.

> Seems like SSP is desirable, but not really sure why it's not so
> straightforward to turn on?

The SSP implementation you are familiar with is largely the work of Dr
Hiroaki Etoh of IBM, Japan. As I understand it, the patch simply isn't
being maintained any more and, consequently, others (Red Hat?) have
picked up the baton and produced an implementation that is somewhat
different. By mere virtue of being different, there are unique
issues/bugs to be resolved before it can be enabled by default in the
gcc-4.x hardened specs without causing undue breakage and inducing
headaches throughout the hardened populace.

Cheers,

--Kerin