From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17772 invoked from network); 26 Sep 2004 18:40:20 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 26 Sep 2004 18:40:20 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CBdwZ-0006lr-Kf for arch-gentoo-security@lists.gentoo.org; Sun, 26 Sep 2004 18:40:19 +0000 Received: (qmail 16329 invoked by uid 89); 26 Sep 2004 18:39:35 +0000 Mailing-List: contact gentoo-security-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@gentoo.org Received: (qmail 21005 invoked from network); 26 Sep 2004 18:39:35 +0000 Message-ID: <41570CF7.40105@comcast.net> Date: Sun, 26 Sep 2004 14:39:51 -0400 From: John Richard Moser User-Agent: Mozilla Thunderbird 0.7.3 (X11/20040916) X-Accept-Language: en-us, en MIME-Version: 1.0 To: John Richard Moser CC: gentoo-security@lists.gentoo.org, gentoo-dev@lists.gentoo.org References: <4151A04F.5090304@comcast.net> In-Reply-To: <4151A04F.5090304@comcast.net> X-Enigmail-Version: 0.85.0.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: [gentoo-security] Re: [gentoo-dev] Stack smash protected daemons X-Archives-Salt: afb3da48-d729-4b35-b06f-15f079b9988e X-Archives-Hash: 4fc2982c2ac7b7ab0e1487037a02863a -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TIME TO KILL THIS THREAD. ~ - Some people think SSP goes everywhere ~ - Some people think SSP is an ugly hack that shouldn't be used ~ - Some people think users don't want SSP ~ - Some people think users don't know about SSP and need education ~ - Some people want to poll the userbase I HAVE REACHED A SOLUTION. Phase 1: Documentation On the advice of multiple contributers to this thread, Gentoo should give brief documentation about SSP in the install guide. This would bring SSP to users' attention and allow them to decide if they want to Stage 1 + SSP their system, rather than Stage 2 or 3 or normal Stage 1. Such documentation should contain external links to pages about SSP, such as the white paper[1] and the main site[2]; or to the Hardened Gentoo[3] page or documentation on there. [1] http://www.trl.ibm.com/projects/security/ssp/main.html [2] http://www.trl.ibm.com/projects/security/ssp/ [3] http://hardened.gentoo.org/ Brief documentation about SSP may be added to make.conf to get the information to current users who won't read the install guide over again. It may also be flashed on screen using 'einfo' after upgrading portage for the next few stable versions; such a message would direct the user to check out the comments in make.conf.example about CFLAGS and - -fstack-protector. This message would of course later be removed when enough of the user base has seen it. Phase 2: Gather Information If SSP becomes popular, then a lot of users will be compiling from Stage 1. Because SSP is off by default, Stage 2 and 3 will not be protected. The Gentoo developers would need to find out if most users on given archs were using and satisfied with SSP. It would also be important to know if these users were using Stage 1 instead of 2 or 3 for this reason. When polling users, remember that NEUTRALS DO NOT COUNT. If you have 20 people who don't want SSP, 20 that want it, and 400 that don't care, you have a 50/50 split. Similarly, if you have 35 that want SSP, 5 that don't, and 400 that don't care, you have only 1/8 objection and 7/8 for. ~ It works the other way too. Phase 3: Deployment If the information gathered in (Phase 2) displays that a significant portion of the user base uses SSP, and especially if they forego Stage 2 or 3 in favor of Stage 1 just for SSP, then steps to enhance deployment should be taken. Stage 2 and 3 tarballs should be released with - -fstack-protector in CFLAGS, and with all contained, pre-built programs compiled -fstack-protector. Non-SSP stages may or may not be phased out eventually if this happens. ~ If this process evolves Gentoo into a state where it is acknowledged that most non-neutral users want SSP, then the non-ssp stages will vanish, and GRP packages may possibly become SSP-enabled as well. If the facts show that most people are dissatisfied with or flat out against SSP, then (Phase 3) will never occur. Phase 3 is essentially "giving the users what they want" based on Phase 2 ("finding out what the users want"). It's justified because users can still go without SSP if you do this, but it'd be more difficult. You make it *easier* for *most* users to get what they want, but leave it *possible* for the minority to change it back. Which is which is to be determined. - -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBVwz2hDd4aOud5P8RArKxAJ448lt0j1zL+m0UP++aecvLOXCVZwCgkPT0 tPzF+IuxqDOsnwB+/r0ac9E= =dVlM -----END PGP SIGNATURE----- -- gentoo-security@gentoo.org mailing list