Bug#: 13610
Status: RESOLVED
Resolution: FIXED
Assigned To: Martin Schlemmer (RETIRED) <azarah@gentoo.org>
Reporter: David Nielsen <Lovechild@foolclan.com>

Description:   Opened: 2003-01-09 18:34 0000
I would like to see the SSP patch included in the default GCC for Gentoo, as
it's a security enhancement and it can be enabled using compile flags.

I know that certain programs break with this patch installed, but I think
that if we keep it in unstable for a while we can get most of the ebuilds
fixed to work with this patch, and that way we can all enjoy an even more
secure system.

I understand that OpenBSD also recently included this patch in their default
setup so we might even be able to draw on their experiences.

------- Comment #1 From Martin Schlemmer (RETIRED) 2003-01-12 13:42:51 0000 -------
Post 1.4 if we go for it.

------- Comment #2 From David Nielsen 2003-01-12 14:31:05 0000 -------
Sure, that was what I figured; it's a bit too late in the release process to
add such a massive and intrusive change. This was never meant to be a 1.4
request... but I see this as a nice feature for server security. It's of
course not worth much on a desktop machine unless you have a bad case of
paranoia :)

------- Comment #3 From Dylan Carlson (RETIRED) 2003-02-04 17:57:46 0000 -------
I would like to contribute to the testing effort for this as well.  This is a
Good Thing.

I would suggest making this a different ebuild for testing (such as
gcc-propolice)... then merge it over to the mainline gcc ebuilds once it's
considered safe and is tested on all platforms (even if the cflag is not
used).

Right now the gcc 3.2.1 patch has been tested by the patch authors only on x86
and ppc.


------- Comment #4 From Matthew Rickard 2003-02-10 22:21:07 0000 -------
I've also been testing this, and things are going quite well.  This would
definitely make a good addition to post 1.4 Gentoo.  My results so far can be
found at http://frogger974.homelinux.org/gentoo_propolice.html

The most significant problems I've come across are portage breaking if glibc is
built with stack protection, and portage breaking if it is built with stack
protection itself.  I'm hoping to track down these issues sometime soon.

------- Comment #5 From Joshua Brindle (RETIRED) 2003-04-15 20:36:55 0000 -------
this is in gcc-3.2.2-r3 being tested, etc
there are also changes to important packages (xfree), etc to accommodate this
for info check out http://cvs.gentoo.org/~method

closing this bug..
