public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] eix USE=security
@ 2011-12-17 11:15 Florian Philipp
  2011-12-17 15:38 ` [gentoo-user] " James
  2011-12-17 23:35 ` Nikos Chantziaras
  0 siblings, 2 replies; 5+ messages in thread
From: Florian Philipp @ 2011-12-17 11:15 UTC (permalink / raw
  To: Gentoo User List

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

Hi list!

I just noticed the USE flag "security" in stable app-portage/eix. The
description is hardly helpful: It fixes exploits but is not enabled by
default. Why? What are the drawbacks? I couldn't find anything in a
quick online search.

Thanks in advance!
Florian Philipp


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [gentoo-user] Re: eix USE=security
  2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
@ 2011-12-17 15:38 ` James
  2011-12-17 22:48   ` Florian Philipp
  2011-12-17 23:35 ` Nikos Chantziaras
  1 sibling, 1 reply; 5+ messages in thread
From: James @ 2011-12-17 15:38 UTC (permalink / raw
  To: gentoo-user

Florian Philipp <lists <at> binarywings.net> writes:

> 
> Hi list!
> 
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.

ef security

This adds some checks which can prevent certain exploits if e.g. the eix code
has a bug. If you use the hardened toolchain, using this flag does not increase
security and can even lead to problems.
install the security module needed for some servers


hth,
James






^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] Re: eix USE=security
  2011-12-17 15:38 ` [gentoo-user] " James
@ 2011-12-17 22:48   ` Florian Philipp
  2011-12-17 22:59     ` Neil Bothwick
  0 siblings, 1 reply; 5+ messages in thread
From: Florian Philipp @ 2011-12-17 22:48 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 799 bytes --]

Am 17.12.2011 16:38, schrieb James:
> Florian Philipp <lists <at> binarywings.net> writes:
> 
>>
>> Hi list!
>>
>> I just noticed the USE flag "security" in stable app-portage/eix. The
>> description is hardly helpful: It fixes exploits but is not enabled by
>> default. Why? What are the drawbacks? I couldn't find anything in a
>> quick online search.
> 
> ef security
> 
> This adds some checks which can prevent certain exploits if e.g. the eix code
> has a bug. If you use the hardened toolchain, using this flag does not increase
> security and can even lead to problems.
> install the security module needed for some servers
> 
> 

As I said, this description is hardly useful. If it fixes exploits, then
why is it not enabled for non-hardened profiles per default?



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [gentoo-user] Re: eix USE=security
  2011-12-17 22:48   ` Florian Philipp
@ 2011-12-17 22:59     ` Neil Bothwick
  0 siblings, 0 replies; 5+ messages in thread
From: Neil Bothwick @ 2011-12-17 22:59 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 612 bytes --]

On Sat, 17 Dec 2011 23:48:29 +0100, Florian Philipp wrote:

> > This adds some checks which can prevent certain exploits if e.g. the
> > eix code has a bug.

> As I said, this description is hardly useful. If it fixes exploits, then
> why is it not enabled for non-hardened profiles per default?

It doesn't actually say that it fixes anything. It's more of a "it may
possibly prevent certain exploits using undefined, and maybe unknown,
bugs in the code". That's more a politician's language than a coder's.


-- 
Neil Bothwick

Good fortune will find you provided you left clear instructions.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [gentoo-user] Re: eix USE=security
  2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
  2011-12-17 15:38 ` [gentoo-user] " James
@ 2011-12-17 23:35 ` Nikos Chantziaras
  1 sibling, 0 replies; 5+ messages in thread
From: Nikos Chantziaras @ 2011-12-17 23:35 UTC (permalink / raw
  To: gentoo-user

On 12/17/2011 01:15 PM, Florian Philipp wrote:
> Hi list!
>
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.

eix is known for having some rather ridiculous USE flags (optimization,
strong-optimization).  "security" is another one you can simply ignore.




^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2011-12-17 23:36 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
2011-12-17 15:38 ` [gentoo-user] " James
2011-12-17 22:48   ` Florian Philipp
2011-12-17 22:59     ` Neil Bothwick
2011-12-17 23:35 ` Nikos Chantziaras

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox