Bug 13610 - GCC stack smashing protector for GCC
Summary: GCC stack smashing protector for GCC
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: x86 Linux
Importance: High enhancement
Assignee: Martin Schlemmer (RETIRED)
URL: http://www.trl.ibm.com/projects/secur...
Reported: 2003-01-09 18:34 UTC by David Nielsen
Modified: 2003-04-15 20:36 UTC

Description David Nielsen 2003-01-09 18:34:58 UTC
I would like to see the SSP patch included in the default GCC for Gentoo, as it's a
security enhancement and it can be enabled using compile flags.

I know that certain programs break with this patch installed, but I think that if
we keep it in unstable for a while we can get most of the ebuilds fixed to work
with this patch, and that way we can all enjoy an even more secure system.

I understand that OpenBSD also recently included this patch in their default setup
so we might even be able to draw on their experiences.
Comment 1 Martin Schlemmer (RETIRED) gentoo-dev 2003-01-12 13:42:51 UTC
Post 1.4 if we go for it.
Comment 2 David Nielsen 2003-01-12 14:31:05 UTC
Sure, that was what I figured; it's a bit too late in the release process to add such
a massive and intrusive change, this was never meant to be a 1.4 request... but I
see this as a nice feature for server security, it's of course not worth much on a
desktop machine unless you have a bad case of paranoia :)
Comment 3 Dylan Carlson (RETIRED) gentoo-dev 2003-02-04 17:57:46 UTC
I would like to contribute to the testing effort for this as well.  This is a Good Thing.

I would suggest making this a different ebuild for testing (such as gcc-propolice)... then merge
it over to the mainline gcc ebuilds once it's considered safe and is tested on all platforms (even
if the cflag is not used).

Right now the gcc 3.2.1 patch has been tested by the patch authors only on x86 and ppc.
Comment 4 Matthew Rickard 2003-02-10 22:21:07 UTC
I've also been testing this, and things are going quite well.  This would definitely make a good addition to post 1.4 Gentoo.  My results so far can be found at http://frogger974.homelinux.org/gentoo_propolice.html

The most significant problems I've come across are portage breaking if glibc is built with stack protection, and portage breaking if it is built with stack protection itself.  I'm hoping to track down these issues sometime soon.
Comment 5 Joshua Brindle (RETIRED) gentoo-dev 2003-04-15 20:36:55 UTC
this is in gcc-3.2.2-r3 being tested, etc
there are also changes to important packages (xfree), etc to accommodate this
for info check out http://cvs.gentoo.org/~method

closing this bug..