Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 502158 - www-client/chromium : use -fstack-protector-all instead of -fstack-protector --param=ssp-buffer-size=4
Summary: www-client/chromium : use -fstack-protector-all instead of -fstack-protector ...
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement (vote)
Assignee: Chromium Project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-22 18:54 UTC by Agostino Sarubbo
Modified: 2014-05-18 10:46 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-02-22 18:54:30 UTC 
We discussed about this improvement in a private mail sento to chromium@ .

Since I don't see any type of change I'm opening a bug to remind that.

In gentoo hardened we are using -fstack-protector-all that is stronger than -fstack-protector --param=ssp-buffer-size=4

I'm using it since a while and I didn't see problems.

Also, hardened users do not show any type of 'discomfort'
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-02-22 20:53:29 UTC 
(In reply to Agostino Sarubbo from comment #0)
> In gentoo hardened we are using -fstack-protector-all that is stronger than
> -fstack-protector --param=ssp-buffer-size=4

This means hardened chromium will get -fstack-prtector-all, right?

This bug seems to ask for change of default for everyone.

Please see http://lwn.net/Articles/584225/ . When -fstack-protector-strong is widely available in Gentoo we can switch to it. In fact, the options you've mentioned come from upstream.
Comment 2 Agostino Sarubbo gentoo-dev 2014-02-22 21:11:12 UTC 
(In reply to Paweł Hajdan, Jr. from comment #1)
> This means hardened chromium will get -fstack-prtector-all, right?

Do you mean if chromium on gentoo hardened is compiled with -fstack-protector-all? 
Yes.

> Please see http://lwn.net/Articles/584225/ . When -fstack-protector-strong
> is widely available in Gentoo we can switch to it. In fact, the options
> you've mentioned come from upstream.

I know that. I just do not see any performance issue with -fstack-protector-all.
Comment 3 Mike Gilbert gentoo-dev 2014-02-22 21:17:16 UTC 
Why is chromium so special that we should change the default CFLAGS for all of its users?
Comment 4 Agostino Sarubbo gentoo-dev 2014-02-22 21:23:30 UTC 
(In reply to Mike Gilbert from comment #3)
> Why is chromium so special that we should change the default CFLAGS for all
> of its users?

as one of the mostly used browser, I'd like to see it as full-hardened.
Comment 5 Matt 2014-03-19 17:52:42 UTC 
is there an option to use -fstack-protector-all on chromium meanwhile ?

via an ebuild change ?
Comment 6 Mike Gilbert gentoo-dev 2014-03-19 17:54:53 UTC 
(In reply to Matt from comment #5)
> is there an option to use -fstack-protector-all on chromium meanwhile ?

Just add it to CXXFLAGS. You can use package.env to do that on a per-package basis.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2014-05-18 10:46:57 UTC 
(In reply to Mike Gilbert from comment #3)
> Why is chromium so special that we should change the default CFLAGS for all
> of its users?

(In reply to Mike Gilbert from comment #6)
> Just add it to CXXFLAGS. You can use package.env to do that on a per-package
> basis.

Yup. I don't think doing something different than upstream is warranted in this case.