On 01/09/2014 05:21 PM, Michał Górny wrote:
Dnia 2014-01-09, o godz. 17:06:52
"Anthony G. Basile" <bluen...@gentoo.org> napisał(a):
On 01/09/2014 04:57 PM, Pacho Ramos wrote:
What are the advantages of disabling SSP to deserve that "special"
handling via USE flag or easily disabling it appending the flag?
There are some cases where ssp could break things. I know of once case
right now, but its somewhat exotic. Also, sometimes we *want* to break
things for testing. I'm thinking here of instance where we want to test
a pax hardened kernel to see if it catches abuses of memory which would
otherwise be caught by executables emitted from a hardened toolchain.
Take a look at the app-admin/paxtest suite.
Just to be clear, are we talking about potential system-wide breakage
or single, specific packages being broken by SSP? In other words, are
there cases when people will really want to disable SSP completely?
Unless I'm misunderstanding something, your examples sound like you
just want -fno-stack-protector per-package. I don't really think you
actually want to rebuild whole gcc just to do some testing on a single
package...
Correct, you'd only want to turn off ssp per package and then only in
rare cases. You should never have to rebuild gcc for this. With ssp on
by default, gcc specs would add -fstack-protector to all builds. If you
don't want a package build with ssp, then just do
CFLAGS="-fno-stack-protector" and you're building without ssp.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
