On 09/08/2013 08:06 PM, Ryan Hill wrote:
> On Sat, 07 Sep 2013 19:08:57 -0400
> "Rick \"Zero_Chaos\" Farina" <zeroch...@gentoo.org> wrote:
> 
>> Personally I think this would be a great stepping stone.  If we add
>> -fstack-protector to 4.8.1 it will improve security (only a little I
>> know) and give us an idea of what issues we may have.  After a short
>> enjoyment of fixing any issues which come up we could move to
>> -fstack-protector-strong in 4.9.
> 
> Okay it won't be available for 4.8.1.  It's going to require a couple minor
> glibc changes and a lot of testing.  A bunch of packages stick workarounds
> behind a hardened USE flag or do things like `filter-flags -fstack-protector`
> which don't actually work (we have to patch the compiler, not just add it to
> the default flags in the profiles or something).  I need to check the
> interactions with hardened's spec files.  And I need to get 4.8.1 out the door
> two weeks ago. Once we fix the fallout from the unmasking I'll get back to this.
> 
> I also want to make a comment on the implications of this change that people
> may not have considered.  Bugs caused by -fstack-protector can no longer be
> just dismissed as unsupported, invalid, or assigned to the hardened team and
> forgotten about.  You will be expected to fix them, and `append-flags
> -fno-stack-protector` is not an acceptable fix.  You can't champion for more
> secure defaults and then just disable them when they get in your way.
> 
> So does anyone have any objections to making -fstack-protector the default?
> Now is the time to speak up.
> 
> 
> 
> (and for the record I've changed my mind and would like to see this go
> forward, so please stop emailing me)
> 
> 

A few thoughts:

1. The kernel expects -fno-stack-protector to be the default. What will
the effect be on kernel configuration once -fstack-protector is the default?

2. We should make sure that -fno-stack-protector is a supported CFLAG.
This will make it easier to handle complaints from the vocal minority of
our user base that want every last percentage point of performance.

3. I would like to point out that we are talking about deviating from
upstream behavior and everyone is okay with it. Anyone who thinks we
should stick to upstream when it is not good for us should speak now or
risk being asked "where were you when..." whenever they try to use
upstream as an excuse to hold back progress. ;)
