-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/09/2014 06:09 PM, Anthony G. Basile wrote: > On 01/09/2014 05:29 PM, Rick "Zero_Chaos" Farina wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 01/09/2014 05:21 PM, Michał Górny wrote: >>> Dnia 2014-01-09, o godz. 17:06:52 >>> "Anthony G. Basile" <bluen...@gentoo.org> napisał(a): >>> >>>> On 01/09/2014 04:57 PM, Pacho Ramos wrote: >>>>> What are the advantages of disabling SSP to deserve that "special" >>>>> handling via USE flag or easily disabling it appending the flag? >>>> There are some cases where ssp could break things. I know of once case >>>> right now, but its somewhat exotic. Also, sometimes we *want* to break >>>> things for testing. I'm thinking here of instance where we want to >>>> test >>>> a pax hardened kernel to see if it catches abuses of memory which would >>>> otherwise be caught by executables emitted from a hardened toolchain. >>>> Take a look at the app-admin/paxtest suite. >>> Just to be clear, are we talking about potential system-wide breakage >>> or single, specific packages being broken by SSP? In other words, are >>> there cases when people will really want to disable SSP completely? >>> >>> Unless I'm misunderstanding something, your examples sound like you >>> just want -fno-stack-protector per-package. I don't really think you >>> actually want to rebuild whole gcc just to do some testing on a single >>> package... >>> >> Or just as easily set -fno-stack-protector in CFLAGS in make.conf. >> > > I just reread this and we'd better be clear here. With ssp on by > default in gcc, if you put CFLAGS="... -fno-stack-protector" in > make.conf you will build your *entire* system with no ssp. You probably > don't want this. You'll probably only want ssp off on a per package > basis, in which case, add a line to package.env and set the CFLAGS for > only that package. > Of course this is EXACTLY the same as building gcc[nossp] which is what we are discussing. So afaict you and I are in total agreement on all fronts.
- -Zero -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSzy6AAAoJEKXdFCfdEflKOY0P/2dfvjVAFTq9NyZqMgJe0j1/ sENGtTCAAxKWh3eoqPywDJpEarPYoIsctMUGbuM2Dx6kC1zv20klXiT9Oec5j8aG qnAogeCubAQD/AjDLI5VjDU5dAH7xUEEQKWPEEdjqfV1xWstW91f+tfPg2JkxpMS zeQtSAIhJJMRdcFXmmWIvbh8zAUczdxsEcdGBHSt97utbMnbJMOE1eGEWGqAfzWm vFYLnA8R/TZO//wkbkqNTAQjL3JV8DKScaqVyFxh5wQhTCLMN4QFVqnlSJGDiZPS bddylShRtMXXsqPmFmLIsFf9tY7N03+2U8Ex3l1ToEpBATK6kkwBtuVCv0tOPvp8 EYOOXjmHZSmsG37SUFMgZpsAfNCf6H030G1i9NEC2zOnW5i9vHWmL1rAVpVYGdu2 N3rW2QYPEQzIBjNOojsXp515okIzPt8biXcWGT1R+te2BUoEeNwLNco9zCJecL1H YZNSmmA0fwc/vgvKOh1kfV4VAFwmM/cHAlI7UPG9ypM6Fo/3dn7zZgUaXdQU2KeL g+UNaFDj2p8ob+2vIc5N0lNwSNgY/vms2DehXRAV52vwogxNBgTftJZwwQv+j25u g1JWGf/MOXbh7mfDDK5Xr10fHEui6hpeSofC3BZC8pQ6k1duB1rKituWhBzBJBPF w8AeXL74ZvsUwwUxwi4A =AtZz -----END PGP SIGNATURE-----
