subject:"Review Request 52645\: Harden Mesos"

Re: Review Request 52645: Harden Mesos

2016-11-30 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 30, 2016, 8:51 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Don't warn when stack protection isn't used.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Add hardened flags for Mesos.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 
which breaks on CentOS 6.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 7750ed7 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-30 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 30, 2016, 5:19 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Fixed newline issue in the macro.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Add hardened flags for Mesos.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 
which breaks on CentOS 6.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 7750ed7 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-29 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 29, 2016, 4:21 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Add hardened flags for Mesos.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 
which breaks on CentOS 6.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 85eda53 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-29 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 29, 2016, 4:15 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description (updated)
---

Add hardened flags for Mesos.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 
which breaks on CentOS 6.


Diffs
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 85eda53 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-29 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 29, 2016, 4:13 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Changed the version of the macro (taken from 
391cb680171d3889965b1ead43d3a326c913bc25)


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description (updated)
---

Add hardened flags for Mesos.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 85eda53 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-22 Thread Aaron Wood



> On Nov. 19, 2016, 12:52 a.m., Michael Park wrote:
> > m4/ax_check_compile_flag.m4, line 61
> > 
> >
> > This seems to introduce a new requirement of `autoconf` version 2.64 or 
> > higher. Ran into this no CentOS 6.
> 
> Benjamin Bannier wrote:
> This is really unfortunate, but looking at the upstream history of this 
> file it appears that the latest upstream version from before this new 
> requirement was introduced (`391cb680171d3889965b1ead43d3a326c913bc25`) does 
> the job just as well (I checked this with . The patch introducing this new on 
> requirement on autoconf-2.64 (`1a869696e4129279f7b99c3f9052717354b79a86`) was 
> just to remove some antiquated code patterns,
> 
> commit 1a869696e4129279f7b99c3f9052717354b79a86
> Author: Bastien ROUCARIÈS 
> Date:   Tue Jan 6 18:53:54 2015 +0100
> 
> Modernize ax_append_flag, ax_check_*_flag
> 
> Use AS_VAR* macro and AS_CASE
> 
> I suggest we go with the version from 
> `391cb680171d3889965b1ead43d3a326c913bc25` which requires autoconf-2.59 for 
> now, but call this out in the commit message (SHA we took this from, 
> requirement to support autoconf-2.63 on centos-6.8).
> 
> Some for the follow-up commits introducing this macro to libprocess and 
> stout.
> 
> Benjamin Bannier wrote:
> !fixup I check this with centos-6.8.

Thanks for checking into this! I was just going to do the same, I'll get the 
remaining patches fixed up with a previous version of that macro.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review156367
---


On Nov. 9, 2016, 7:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 7:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-22 Thread Benjamin Bannier



> On Nov. 19, 2016, 1:52 a.m., Michael Park wrote:
> > m4/ax_check_compile_flag.m4, line 61
> > 
> >
> > This seems to introduce a new requirement of `autoconf` version 2.64 or 
> > higher. Ran into this no CentOS 6.
> 
> Benjamin Bannier wrote:
> This is really unfortunate, but looking at the upstream history of this 
> file it appears that the latest upstream version from before this new 
> requirement was introduced (`391cb680171d3889965b1ead43d3a326c913bc25`) does 
> the job just as well (I checked this with . The patch introducing this new on 
> requirement on autoconf-2.64 (`1a869696e4129279f7b99c3f9052717354b79a86`) was 
> just to remove some antiquated code patterns,
> 
> commit 1a869696e4129279f7b99c3f9052717354b79a86
> Author: Bastien ROUCARIÈS 
> Date:   Tue Jan 6 18:53:54 2015 +0100
> 
> Modernize ax_append_flag, ax_check_*_flag
> 
> Use AS_VAR* macro and AS_CASE
> 
> I suggest we go with the version from 
> `391cb680171d3889965b1ead43d3a326c913bc25` which requires autoconf-2.59 for 
> now, but call this out in the commit message (SHA we took this from, 
> requirement to support autoconf-2.63 on centos-6.8).
> 
> Some for the follow-up commits introducing this macro to libprocess and 
> stout.

!fixup I check this with centos-6.8.


- Benjamin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review156367
---


On Nov. 9, 2016, 8:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 8:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-22 Thread Benjamin Bannier

> On Nov. 19, 2016, 1:52 a.m., Michael Park wrote:
> > m4/ax_check_compile_flag.m4, line 61
> > 
> >
> > This seems to introduce a new requirement of `autoconf` version 2.64 or 
> > higher. Ran into this no CentOS 6.

This is really unfortunate, but looking at the upstream history of this file it 
appears that the latest upstream version from before this new requirement was 
introduced (`391cb680171d3889965b1ead43d3a326c913bc25`) does the job just as 
well (I checked this with . The patch introducing this new on requirement on 
autoconf-2.64 (`1a869696e4129279f7b99c3f9052717354b79a86`) was just to remove 
some antiquated code patterns,

commit 1a869696e4129279f7b99c3f9052717354b79a86
Author: Bastien ROUCARIÈS 
Date:   Tue Jan 6 18:53:54 2015 +0100

Modernize ax_append_flag, ax_check_*_flag

Use AS_VAR* macro and AS_CASE

I suggest we go with the version from 
`391cb680171d3889965b1ead43d3a326c913bc25` which requires autoconf-2.59 for 
now, but call this out in the commit message (SHA we took this from, 
requirement to support autoconf-2.63 on centos-6.8).

Some for the follow-up commits introducing this macro to libprocess and stout.

- Benjamin

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review156367
---

On Nov. 9, 2016, 8:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 8:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-18 Thread Michael Park


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review156367
---




m4/ax_check_compile_flag.m4 (line 61)


This seems to introduce a new requirement of `autoconf` version 2.64 or 
higher. Ran into this no CentOS 6.


- Michael Park


On Nov. 9, 2016, 11:37 a.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 11:37 a.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-17 Thread Michael Park


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review156250
---


Ship it!




Ship It!

- Michael Park


On Nov. 9, 2016, 11:37 a.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 11:37 a.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-09 Thread Benjamin Bannier


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review155492
---


Ship it!




Lots great, thanks a lot.

- Benjamin Bannier


On Nov. 9, 2016, 8:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 9, 2016, 8:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Add hardened flags for Mesos.
> Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-09 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 9, 2016, 7:37 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description (updated)
---

Add hardened flags for Mesos.
Take compile flag macro at 1a869696e4129279f7b99c3f9052717354b79a86.


Diffs
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 5a47c93 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-09 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 9, 2016, 7:37 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Add `-Werror` back into `MESOS_CPPFLAGS`.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 5a47c93 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-08 Thread Benjamin Bannier



> On Nov. 2, 2016, 10:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 120
> > 
> >
> > Not sure we want to remove the existing `-Werror`.
> 
> Aaron Wood wrote:
> From a discussion with a few people on Slack it sounded like this was in 
> the wrong place to begin with (along with `-Wall` and `-Wsign-compare`). I 
> found that when I had moved this to `AM_CXXFLAGS` it would actually apply 
> hard errors for warnings where it never did before. The issue now with 
> putting this back into `AM_CXXFLAGS` is that all of the `clang: error: 
> argument unused during compilation: '-pthread'` warnings you get when 
> building Mesos which were always there now fail the whole thing. I think we'd 
> have to unravel the overall build process more to fix that issue.
> 
> Aaron Wood wrote:
> Dropping this for now. If you feel it's really important we can open it 
> again :)
> 
> Benjamin Bannier wrote:
> I feel it is really important. With this we'd suddenly not fail a build 
> introducing new warnings anymore. This might lead to people (or some CI) to 
> conclude such a build would be fine.
> 
> Let's just leave it in `MESOS_CPPFLAGS`.
> 
> Aaron Wood wrote:
> I can add it back to `MESOS_CPPFLAGS` but it never actually caused a 
> failure when there were warnings. For example, the warnings you get on OS X 
> about -pthread not being used would never fail the build when `-Werror` was 
> in `MESOS_CPPFLAGS`. It would when it was in `AM_CXXFLAGS`.

Roughly, both `CPPFLAGS` and `CXXFLAGS` are flags to the C++ compiler which is 
used for compiling and linking. `CPPFLAGS` are passed when only compiling, but 
`CXXFLAGS` are passed when compiling and linking.

The warning you mention above is emitted at the link stage.

`-Werror` in `CPPFLAGS` makes compiler warnings like the ones you added fatal 
errors.


- Benjamin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 8, 2016, 6:40 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 8, 2016, 6:40 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-08 Thread Aaron Wood



> On Nov. 2, 2016, 9:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 120
> > 
> >
> > Not sure we want to remove the existing `-Werror`.
> 
> Aaron Wood wrote:
> From a discussion with a few people on Slack it sounded like this was in 
> the wrong place to begin with (along with `-Wall` and `-Wsign-compare`). I 
> found that when I had moved this to `AM_CXXFLAGS` it would actually apply 
> hard errors for warnings where it never did before. The issue now with 
> putting this back into `AM_CXXFLAGS` is that all of the `clang: error: 
> argument unused during compilation: '-pthread'` warnings you get when 
> building Mesos which were always there now fail the whole thing. I think we'd 
> have to unravel the overall build process more to fix that issue.
> 
> Aaron Wood wrote:
> Dropping this for now. If you feel it's really important we can open it 
> again :)
> 
> Benjamin Bannier wrote:
> I feel it is really important. With this we'd suddenly not fail a build 
> introducing new warnings anymore. This might lead to people (or some CI) to 
> conclude such a build would be fine.
> 
> Let's just leave it in `MESOS_CPPFLAGS`.

I can add it back to `MESOS_CPPFLAGS` but it never actually caused a failure 
when there were warnings. For example, the warnings you get on OS X about 
-pthread not being used would never fail the build when `-Werror` was in 
`MESOS_CPPFLAGS`. It would when it was in `AM_CXXFLAGS`.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 8, 2016, 5:40 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 8, 2016, 5:40 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-08 Thread Benjamin Bannier



> On Nov. 2, 2016, 10:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 120
> > 
> >
> > Not sure we want to remove the existing `-Werror`.
> 
> Aaron Wood wrote:
> From a discussion with a few people on Slack it sounded like this was in 
> the wrong place to begin with (along with `-Wall` and `-Wsign-compare`). I 
> found that when I had moved this to `AM_CXXFLAGS` it would actually apply 
> hard errors for warnings where it never did before. The issue now with 
> putting this back into `AM_CXXFLAGS` is that all of the `clang: error: 
> argument unused during compilation: '-pthread'` warnings you get when 
> building Mesos which were always there now fail the whole thing. I think we'd 
> have to unravel the overall build process more to fix that issue.
> 
> Aaron Wood wrote:
> Dropping this for now. If you feel it's really important we can open it 
> again :)

I feel it is really important. With this we'd suddenly not fail a build 
introducing new warnings anymore. This might lead to people (or some CI) to 
conclude such a build would be fine.

Let's just leave it in `MESOS_CPPFLAGS`.


> On Nov. 2, 2016, 10:33 a.m., Benjamin Bannier wrote:
> > m4/ax_check_compile_flag.m4, line 1
> > 
> >
> > For future updates it would be great if we'd write down the 
> > autoconf-archive release this file came from (it looks like the latest 
> > release containing it is `v2016.09.16`).

You marked this as resolved, but I couldn't find the change. Could you please 
update e.g., the commit message to include something like

This commit adds ax_check_compiler_flag.m4 from 
git://git.sv.gnu.org/autoconf-archive.git tag v2016.09.16.


- Benjamin


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 8, 2016, 6:40 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 8, 2016, 6:40 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 5380cbc 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am 5a47c93 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-08 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 8, 2016, 5:40 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 5a47c93 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-07 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 7, 2016, 9:53 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Specify the hash in the commit message for the macro we took 
(1a869696e4129279f7b99c3f9052717354b79a86).


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 5a47c93 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-07 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 7, 2016, 9:25 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Addressed comments, added a new flag to enable/disable hardening, apply 
hardening by default.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 5380cbc 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am 5a47c93 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-07 Thread Aaron Wood



> On Nov. 2, 2016, 9:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 120
> > 
> >
> > Not sure we want to remove the existing `-Werror`.
> 
> Aaron Wood wrote:
> From a discussion with a few people on Slack it sounded like this was in 
> the wrong place to begin with (along with `-Wall` and `-Wsign-compare`). I 
> found that when I had moved this to `AM_CXXFLAGS` it would actually apply 
> hard errors for warnings where it never did before. The issue now with 
> putting this back into `AM_CXXFLAGS` is that all of the `clang: error: 
> argument unused during compilation: '-pthread'` warnings you get when 
> building Mesos which were always there now fail the whole thing. I think we'd 
> have to unravel the overall build process more to fix that issue.

Dropping this for now. If you feel it's really important we can open it again :)


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 1, 2016, 7:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 1, 2016, 7:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac c8d48be 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am c2f9e44 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-07 Thread Aaron Wood



> On Nov. 2, 2016, 9:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 114
> > 
> >
> > I am not a big fan of unconditionally omitting frame pointers as this 
> > gives the optimizer one less register to work with. Unfortunately one 
> > cannot easily tell the actual impact of this from the info here. Is this 
> > strictly needed here or just nice to have?

Going to drop this since we've all agreed on Slack to have the frame pointer 
modification done in a separate patch.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 1, 2016, 7:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 1, 2016, 7:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac c8d48be 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am c2f9e44 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-02 Thread Aaron Wood



> On Nov. 2, 2016, 9:33 a.m., Benjamin Bannier wrote:
> > src/Makefile.am, line 120
> > 
> >
> > Not sure we want to remove the existing `-Werror`.

>From a discussion with a few people on Slack it sounded like this was in the 
>wrong place to begin with (along with `-Wall` and `-Wsign-compare`). I found 
>that when I had moved this to `AM_CXXFLAGS` it would actually apply hard 
>errors for warnings where it never did before. The issue now with putting this 
>back into `AM_CXXFLAGS` is that all of the `clang: error: argument unused 
>during compilation: '-pthread'` warnings you get when building Mesos which 
>were always there now fail the whole thing. I think we'd have to unravel the 
>overall build process more to fix that issue.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---


On Nov. 1, 2016, 7:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 1, 2016, 7:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac c8d48be 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am c2f9e44 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-02 Thread Benjamin Bannier

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154524
---

configure.ac (line 485)

`s/!$/./`

m4/ax_check_compile_flag.m4 (line 1)

For future updates it would be great if we'd write down the 
autoconf-archive release this file came from (it looks like the latest release 
containing it is `v2016.09.16`).

src/Makefile.am (lines 102 - 110)

I think this would be easier to follow if you'd incrementially build up 
`AM_CXXFLAGS` while explaining their effect, e.g.,

# Enable common (and some language specific) warnings.
AM_CXXFLAGS += -Wall
# Warn when a comparison is made between signed and unsigned values.
AM_CXXFLAGS += -Wsign-compare
...

src/Makefile.am (line 114)

I am not a big fan of unconditionally omitting frame pointers as this gives 
the optimizer one less register to work with. Unfortunately one cannot easily 
tell the actual impact of this from the info here. Is this strictly needed here 
or just nice to have?

src/Makefile.am 

Not sure we want to remove the existing `-Werror`.

- Benjamin Bannier

On Nov. 1, 2016, 8:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 1, 2016, 8:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac c8d48be 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am c2f9e44 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-01 Thread Mesos ReviewBot


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review154503
---



Patch looks great!

Reviews applied: [52647, 52886, 52754, 52645]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' 
CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; 
./support/docker_build.sh

- Mesos ReviewBot


On Nov. 1, 2016, 7:37 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Nov. 1, 2016, 7:37 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac c8d48be 
>   m4/ax_check_compile_flag.m4 PRE-CREATION 
>   src/Makefile.am c2f9e44 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-11-01 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 1, 2016, 7:37 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Missed the `ax_check_compile_flag.m4` macro that should have been included with 
the previous update.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac c8d48be 
  m4/ax_check_compile_flag.m4 PRE-CREATION 
  src/Makefile.am c2f9e44 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-11-01 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Nov. 1, 2016, 7:06 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
---

Addressed comments.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac c8d48be 
  src/Makefile.am c2f9e44 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-25 Thread Aaron Wood



> On Oct. 24, 2016, 5:50 p.m., James Peach wrote:
> > src/Makefile.am, line 114
> > 
> >
> > I wasn't able to figure this line out, so it probably needs a comment 
> > to explain where ``VARIANTS`` comes from and what this filtering is doing.

I need to fix this. I wrongly thought `VARIANTS` was something that was set 
elsewhere. I'll apply the appropriate flags in another way. Ideally this was 
supposed to apply `-fPIC` and `-fPIE` only to shared libs.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review153713
---


On Oct. 21, 2016, 6:31 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 21, 2016, 6:31 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-24 Thread James Peach


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review153713
---




src/Makefile.am (line 114)


I wasn't able to figure this line out, so it probably needs a comment to 
explain where ``VARIANTS`` comes from and what this filtering is doing.


- James Peach


On Oct. 21, 2016, 6:31 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 21, 2016, 6:31 p.m.)
> 
> 
> Review request for mesos, James Peach, Michael Park, and Neil Conway.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-14 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 14, 2016, 3:20 p.m.)


Review request for mesos, Michael Park and Neil Conway.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-12 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152381
---




src/Makefile.am (line 112)


Move these into `configure.ac`.


- Aaron Wood


On Oct. 11, 2016, 10:47 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 11, 2016, 10:47 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-11 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 11, 2016, 10:47 p.m.)


Review request for mesos and Michael Park.


Changes
---

Depend on the other RR for fixing new errors.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-11 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152137
---




src/Makefile.am (line 100)


http://savannah.gnu.org/patch/?8186

http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=commitdiff;h=39683064bbccb4008f239262cb681a970bf53603


- Aaron Wood


On Oct. 10, 2016, 7:50 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 10, 2016, 7:50 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-11 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152136
---




configure.ac (line 455)


Support `-fstack-protector-strong` when possible, otherwise use 
`-fstack-protector` and don't make 4.9 a requirement.



src/Makefile.am 


Removing this and putting it in AM_CXXFLAGS causes  builds to fail, at 
least on OS X due to these warnings being treated as hard errors:
```
clang: warning: argument unused during compilation: '-pthread'
clang: warning: argument unused during compilation: '-pie'
```


- Aaron Wood


On Oct. 10, 2016, 7:50 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 10, 2016, 7:50 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 10, 2016, 7:50 p.m.)


Review request for mesos and Michael Park.


Changes
---

Fix spelling and clarify comment about `-Wall`.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Alex Clemmer


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152042
---



I will leave comments about requiring GCC 4.9 to people who are more qualified 
to comment on it, but if we are enforcing this, then we do need to make it a 
requirement in the CMake build as well.

- Alex Clemmer


On Oct. 10, 2016, 6:16 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 10, 2016, 6:16 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 10, 2016, 6:16 p.m.)


Review request for mesos and Michael Park.


Changes
---

Extra docs about some of the flags we moved out of MESOS_CPPFLAGS.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 10, 2016, 6:13 p.m.)


Review request for mesos and Michael Park.


Changes
---

Move some of the warnings that were set in MESOS_CPPFLAGS to AM_CXXFLAGS.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood



> On Oct. 10, 2016, 5:32 p.m., James Peach wrote:
> > configure.ac, line 460
> > 
> >
> > GCC 4.9 is in devtoolset-3 for RHEL 6, so I think this is fine. IMHO it 
> > is still worth giving the mailing list a heads-up though.

Sure, will send out a note about this.


> On Oct. 10, 2016, 5:32 p.m., James Peach wrote:
> > src/Makefile.am, line 117
> > 
> >
> > Since you are now putting the compiler flags in the correct variables, 
> > you can remove then from ``MESOS_CPPFLAGS`` (which should only contain 
> > preprocessor options).

These were here before my changes so I had left them as is. I'll move them over 
to the right spot now.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152008
---


On Oct. 10, 2016, 3:42 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 10, 2016, 3:42 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread James Peach


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review152008
---




configure.ac (line 460)


GCC 4.9 is in devtoolset-3 for RHEL 6, so I think this is fine. IMHO it is 
still worth giving the mailing list a heads-up though.



src/Makefile.am (line 117)


Since you are now putting the compiler flags in the correct variables, you 
can remove then from ``MESOS_CPPFLAGS`` (which should only contain preprocessor 
options).


- James Peach


On Oct. 10, 2016, 3:42 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 10, 2016, 3:42 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   configure.ac 034bb91 
>   src/Makefile.am fd01e1d 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 10, 2016, 3:42 p.m.)


Review request for mesos and Michael Park.


Changes
---

Addressed comments. Only target Mesos in this patch. Other RR's will contain 
changes for libprocess and stout.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs (updated)
-

  configure.ac 034bb91 
  src/Makefile.am fd01e1d 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Re: Review Request 52645: Harden Mesos

2016-10-10 Thread Aaron Wood



On Oct. 7, 2016, 10:15 p.m., Aaron Wood wrote:
> > (1) Do we need to make the `CXXFLAGS` conditional on being supported by the 
> > current compiler? Seems like these flags are quite specific to (certain 
> > versions of?) gcc/clang.
> > 
> > (2) You should split this review into three separate reviews: a single 
> > review should make changes to at most one of Mesos, libprocess, and stout.
> > 
> > (3) What _specific_ attack vectors are these changes intended to prevent?

1. I believe the only flag that we need to watch out for with compatability is 
the `-fstack-protector-strong`. Since Mesos currently requires GCC >= 4.8.1 I 
think we should be good with the rest. Since `-fstack-protector-strong` is 
supported in GCC >= 4.9 I propose that we require at least this version.
2. Will do that right now :)
3. Overall the changes here should help prevent buffer overflows, stack 
overflows, and general memory corruption attacks. Having position independent 
code/binaries will also better take advantage of address space layout 
randomization which makes it much harder to successfully perform exploits. This 
should ideally give us better protection from zero days as well.


- Aaron


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review151886
---


On Oct. 7, 2016, 7:22 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 7, 2016, 7:22 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   3rdparty/libprocess/Makefile.am 020b0e1 
>   3rdparty/stout/Makefile.am fda069d 
>   src/Makefile.am bfdb66a 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-07 Thread Neil Conway


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/#review151886
---




3rdparty/libprocess/Makefile.am (line 16)


Needs a comment explaining the purpose of these flags.



3rdparty/libprocess/Makefile.am (line 17)


Comment should end in a period.



src/Makefile.am (line 92)


This should be moved up above the preceding comment (the comment describes 
the `-Wl,--as-needed` line below).


(1) Do we need to make the `CXXFLAGS` conditional on being supported by the 
current compiler? Seems like these flags are quite specific to (certain 
versions of?) gcc/clang.

(2) You should split this review into three separate reviews: a single review 
should make changes to at most one of Mesos, libprocess, and stout.

(3) What _specific_ attack vectors are these changes intended to prevent?

- Neil Conway


On Oct. 7, 2016, 7:22 p.m., Aaron Wood wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52645/
> ---
> 
> (Updated Oct. 7, 2016, 7:22 p.m.)
> 
> 
> Review request for mesos and Michael Park.
> 
> 
> Bugs: MESOS-6229
> https://issues.apache.org/jira/browse/MESOS-6229
> 
> 
> Repository: mesos
> 
> 
> Description
> ---
> 
> Use a default set of flags to provide additional security and hardening to 
> Mesos. Additionally, check and catch more warnings/errors.
> 
> 
> Diffs
> -
> 
>   3rdparty/libprocess/Makefile.am 020b0e1 
>   3rdparty/stout/Makefile.am fda069d 
>   src/Makefile.am bfdb66a 
> 
> Diff: https://reviews.apache.org/r/52645/diff/
> 
> 
> Testing
> ---
> 
> Compared the benchmarks with and without the flags being used. Also did a 
> comparsion with the flags being used with and without optimizations and 
> without the flags being used with and without optimizations. Overall the 
> performance hit was very small with a 3-8% overhead (optimizations brings 
> this down slightly). Most benchmarks were about 5% (or less) slower.
> 
> 
> Thanks,
> 
> Aaron Wood
> 
>

Re: Review Request 52645: Harden Mesos

2016-10-07 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

(Updated Oct. 7, 2016, 7:22 p.m.)


Review request for mesos and Michael Park.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs
-

  3rdparty/libprocess/Makefile.am 020b0e1 
  3rdparty/stout/Makefile.am fda069d 
  src/Makefile.am bfdb66a 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

Review Request 52645: Harden Mesos

2016-10-07 Thread Aaron Wood


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52645/
---

Review request for mesos and Michael Park.


Bugs: MESOS-6229
https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
---

Use a default set of flags to provide additional security and hardening to 
Mesos. Additionally, check and catch more warnings/errors.


Diffs
-

  3rdparty/libprocess/Makefile.am 020b0e1 
  3rdparty/stout/Makefile.am fda069d 
  src/Makefile.am bfdb66a 

Diff: https://reviews.apache.org/r/52645/diff/


Testing
---

Compared the benchmarks with and without the flags being used. Also did a 
comparsion with the flags being used with and without optimizations and without 
the flags being used with and without optimizations. Overall the performance 
hit was very small with a 3-8% overhead (optimizations brings this down 
slightly). Most benchmarks were about 5% (or less) slower.


Thanks,

Aaron Wood

44 matches

Mail list logo