-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/09/2014 06:01 PM, Anthony G. Basile wrote: > On 01/09/2014 05:21 PM, Michał Górny wrote: >> Dnia 2014-01-09, o godz. 17:06:52 >> "Anthony G. Basile" <bluen...@gentoo.org> napisał(a): >> >>> On 01/09/2014 04:57 PM, Pacho Ramos wrote: >>>> What are the advantages of disabling SSP to deserve that "special" >>>> handling via USE flag or easily disabling it appending the flag? >>> There are some cases where ssp could break things. I know of once case >>> right now, but its somewhat exotic. Also, sometimes we *want* to break >>> things for testing. I'm thinking here of instance where we want to test >>> a pax hardened kernel to see if it catches abuses of memory which would >>> otherwise be caught by executables emitted from a hardened toolchain. >>> Take a look at the app-admin/paxtest suite. >> Just to be clear, are we talking about potential system-wide breakage >> or single, specific packages being broken by SSP? In other words, are >> there cases when people will really want to disable SSP completely? >> >> Unless I'm misunderstanding something, your examples sound like you >> just want -fno-stack-protector per-package. I don't really think you >> actually want to rebuild whole gcc just to do some testing on a single >> package... >> > Correct, you'd only want to turn off ssp per package and then only in > rare cases. You should never have to rebuild gcc for this. With ssp on > by default, gcc specs would add -fstack-protector to all builds. If you > don't want a package build with ssp, then just do > CFLAGS="-fno-stack-protector" and you're building without ssp. > This reads very much like "the nossp use flag is useless".
Not that Zorry needs to fix that (preexisting and all that) but it sounds to me like it's safe to remove these types of use flags from toolchain. I'm really interested in dirtyepic's opinion though... sir? Thanks, Zero -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSzy0dAAoJEKXdFCfdEflKZJEP/3P/Gq3sD6aB9XDcsLxUAVqC vg10PuwhmNpJK6HiYO2F/C5TNv3J+hpkiYPDMgjChOTw+JvqGCeIYYKvKuumtIXV fjnHDW9IRD8BGHlNFF9xx3sGV9VMPYDNICkK3oeNQJPlZOVSbnVEWsaTju/CEA7e tMkeA93ULed9pSzSZ3OBAIwLH906Kh8hO+o/gcJDyBa9/tJrXKfS+jtd6zTMbVtO 8ruLjRUDTsYwt61uMFhV7R/eWlSagGIFDGbxop0JyhTZaB+zxvbm8wzmZck4Tc2J HFO4A289zFBVZESaDA4SHAYJHQTSMND1fzAB8X4sPEwNebmLwOinneuA7XYVRsHW svu/I3tUPjNTKimTSmjMySi7f+3QDYLIxQ8UY0PUCPKjdlNZMQruqCR52lTsjy8F n0EpLMqodD61B+aCkkBpdrt1sx/BJ4AISq8R51yiJecujPoSk1oj5gG1aFOPK/mG BIQqLL1c6TvbB4ECLVMh6YAfxRKcyCT8tlMZqu2rTRqtxQ+YlUnxwvIQV7ivQ5sL M8eC/HjVjd0In9v5GVxePa3NFfwwuswnFipi2mivniajmZYi8M8avSVLpv54Kvi0 cAysdf/FP4WA+iVCd5J+MKGygKKSmbyYZ9IHyE4yCyCNK+0+ZZcFm9YNy9nx8rAJ 4ctTVxoCTtA+B9p3MBnL =6a0w -----END PGP SIGNATURE-----
