* [gentoo-user] eix USE=security
@ 2011-12-17 11:15 Florian Philipp
2011-12-17 15:38 ` [gentoo-user] " James
2011-12-17 23:35 ` Nikos Chantziaras
0 siblings, 2 replies; 5+ messages in thread
From: Florian Philipp @ 2011-12-17 11:15 UTC (permalink / raw
To: Gentoo User List
[-- Attachment #1: Type: text/plain, Size: 287 bytes --]
Hi list!
I just noticed the USE flag "security" in stable app-portage/eix. The
description is hardly helpful: It fixes exploits but is not enabled by
default. Why? What are the drawbacks? I couldn't find anything in a
quick online search.
Thanks in advance!
Florian Philipp
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-user] Re: eix USE=security
2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
@ 2011-12-17 15:38 ` James
2011-12-17 22:48 ` Florian Philipp
2011-12-17 23:35 ` Nikos Chantziaras
1 sibling, 1 reply; 5+ messages in thread
From: James @ 2011-12-17 15:38 UTC (permalink / raw
To: gentoo-user
Florian Philipp <lists <at> binarywings.net> writes:
>
> Hi list!
>
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.
ef security
This adds some checks which can prevent certain exploits if e.g. the eix code
has a bug. If you use the hardened toolchain, using this flag does not increase
security and can even lead to problems.
install the security module needed for some servers
hth,
James
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Re: eix USE=security
2011-12-17 15:38 ` [gentoo-user] " James
@ 2011-12-17 22:48 ` Florian Philipp
2011-12-17 22:59 ` Neil Bothwick
0 siblings, 1 reply; 5+ messages in thread
From: Florian Philipp @ 2011-12-17 22:48 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 799 bytes --]
Am 17.12.2011 16:38, schrieb James:
> Florian Philipp <lists <at> binarywings.net> writes:
>
>>
>> Hi list!
>>
>> I just noticed the USE flag "security" in stable app-portage/eix. The
>> description is hardly helpful: It fixes exploits but is not enabled by
>> default. Why? What are the drawbacks? I couldn't find anything in a
>> quick online search.
>
> ef security
>
> This adds some checks which can prevent certain exploits if e.g. the eix code
> has a bug. If you use the hardened toolchain, using this flag does not increase
> security and can even lead to problems.
> install the security module needed for some servers
>
>
As I said, this description is hardly useful. If it fixes exploits, then
why is it not enabled for non-hardened profiles per default?
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-user] Re: eix USE=security
2011-12-17 22:48 ` Florian Philipp
@ 2011-12-17 22:59 ` Neil Bothwick
0 siblings, 0 replies; 5+ messages in thread
From: Neil Bothwick @ 2011-12-17 22:59 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 612 bytes --]
On Sat, 17 Dec 2011 23:48:29 +0100, Florian Philipp wrote:
> > This adds some checks which can prevent certain exploits if e.g. the
> > eix code has a bug.
> As I said, this description is hardly useful. If it fixes exploits, then
> why is it not enabled for non-hardened profiles per default?
It doesn't actually say that it fixes anything. It's more of a "it may
possibly prevent certain exploits using undefined, and maybe unknown,
bugs in the code". That's more a politician's language than a coder's.
--
Neil Bothwick
Good fortune will find you provided you left clear instructions.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-user] Re: eix USE=security
2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
2011-12-17 15:38 ` [gentoo-user] " James
@ 2011-12-17 23:35 ` Nikos Chantziaras
1 sibling, 0 replies; 5+ messages in thread
From: Nikos Chantziaras @ 2011-12-17 23:35 UTC (permalink / raw
To: gentoo-user
On 12/17/2011 01:15 PM, Florian Philipp wrote:
> Hi list!
>
> I just noticed the USE flag "security" in stable app-portage/eix. The
> description is hardly helpful: It fixes exploits but is not enabled by
> default. Why? What are the drawbacks? I couldn't find anything in a
> quick online search.
eix is known for having some rather ridiculous USE flags (optimization,
strong-optimization). "security" is another one you can simply ignore.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-12-17 23:36 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-12-17 11:15 [gentoo-user] eix USE=security Florian Philipp
2011-12-17 15:38 ` [gentoo-user] " James
2011-12-17 22:48 ` Florian Philipp
2011-12-17 22:59 ` Neil Bothwick
2011-12-17 23:35 ` Nikos Chantziaras
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox