[gentoo-user] eix USE=security

[gentoo-user] eix USE=security

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

Hi list!

I just noticed the USE flag "security" in stable app-portage/eix. The
description is hardly helpful: It fixes exploits but is not enabled by
default. Why? What are the drawbacks? I couldn't find anything in a
quick online search.

Thanks in advance!
Florian Philipp


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

[gentoo-user] Re: eix USE=security

[James]

Florian Philipp <lists <at> binarywings.net> writes:

> 
> Hi list!
> 
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.

ef security

This adds some checks which can prevent certain exploits if e.g. the eix code
has a bug. If you use the hardened toolchain, using this flag does not increase
security and can even lead to problems.
install the security module needed for some servers


hth,
James

Re: [gentoo-user] Re: eix USE=security

[Florian Philipp]

[-- Attachment #1: Type: text/plain, Size: 799 bytes --]

Am 17.12.2011 16:38, schrieb James:
> Florian Philipp <lists <at> binarywings.net> writes:
> 
>>
>> Hi list!
>>
>> I just noticed the USE flag "security" in stable app-portage/eix. The
>> description is hardly helpful: It fixes exploits but is not enabled by
>> default. Why? What are the drawbacks? I couldn't find anything in a
>> quick online search.
> 
> ef security
> 
> This adds some checks which can prevent certain exploits if e.g. the eix code
> has a bug. If you use the hardened toolchain, using this flag does not increase
> security and can even lead to problems.
> install the security module needed for some servers
> 
> 

As I said, this description is hardly useful. If it fixes exploits, then
why is it not enabled for non-hardened profiles per default?



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

Re: [gentoo-user] Re: eix USE=security

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 612 bytes --]

On Sat, 17 Dec 2011 23:48:29 +0100, Florian Philipp wrote:

> > This adds some checks which can prevent certain exploits if e.g. the
> > eix code has a bug.

> As I said, this description is hardly useful. If it fixes exploits, then
> why is it not enabled for non-hardened profiles per default?

It doesn't actually say that it fixes anything. It's more of a "it may
possibly prevent certain exploits using undefined, and maybe unknown,
bugs in the code". That's more a politician's language than a coder's.


-- 
Neil Bothwick

Good fortune will find you provided you left clear instructions.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

[gentoo-user] Re: eix USE=security

[Nikos Chantziaras]

On 12/17/2011 01:15 PM, Florian Philipp wrote:
> Hi list!
>
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.

eix is known for having some rather ridiculous USE flags (optimization,
strong-optimization).  "security" is another one you can simply ignore.