On 01/09/2014 05:29 PM, Rick "Zero_Chaos" Farina wrote:

On 01/09/2014 05:21 PM, Michał Górny wrote:
On 2014-01-09, at 17:06:52,
"Anthony G. Basile" <bluen...@gentoo.org> wrote:

On 01/09/2014 04:57 PM, Pacho Ramos wrote:
What are the advantages of disabling SSP to deserve that "special"
handling via USE flag or easily disabling it appending the flag?

There are some cases where ssp could break things.  I know of one case
right now, but it's somewhat exotic.  Also, sometimes we *want* to break
things for testing.  I'm thinking here of an instance where we want to test
a pax hardened kernel to see if it catches abuses of memory which would
otherwise be caught by executables emitted from a hardened toolchain.
Take a look at the app-admin/paxtest suite.

Just to be clear, are we talking about potential system-wide breakage
or single, specific packages being broken by SSP? In other words, are
there cases when people will really want to disable SSP completely?

Unless I'm misunderstanding something, your examples sound like you
just want -fno-stack-protector per-package. I don't really think you
actually want to rebuild whole gcc just to do some testing on a single
package...

Or just as easily set -fno-stack-protector in CFLAGS in make.conf.

I never felt manipulating cflags with use flags was a great idea, but in
this case it does feel extra pointless.

Personally I don't feel this is needed, and the added benefit of
clearing up a bogus "noblah" use flag makes me smile.

Zorry, do we really need this flag?



toolchain.eclass currently uses nossp as well as nopie. You'd have to rework that to get rid of the flag.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : bluen...@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA

