I noticed that with gcc 6 the compiler no longer uses stack protection by default. This is due to a change in the use flags.

With gcc 4 and 5 this is on by default and controlled with a flag nossp to switch it off. However in gcc 6 this is changed to a ssp use flag and it's default off.

While avoiding no* useflags is imho good, I think disabling ssp is a step back. When feasible security features should default to on (and we had default stack protection for quite a while). So I propose to change it to +ssp, so the default is still to have a gcc which enables stack protection by default.
Similar renaming of USE flags was for "nopie" -> "pie".
This should fix the issue. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4000cdde4281ffef9b61da83f16a30547131259a
(In reply to Hanno Boeck from comment #0)
> I noticed that with gcc 6 the compiler no longer uses stack protection by
> default. This is due to a change in the use flags.
>
> With gcc 4 and 5 this is on by default and controlled with a flag nossp to
> switch it off. However in gcc 6 this is changed to a ssp use flag and it's
> default off.
>
> While avoiding no* useflags is imho good, I think disabling ssp is a step
> back. When feasible security features should default to on (and we had
> default stack protection for quite a while). So I propose to change it to
> +ssp, so the default is still to have a gcc which enables stack protection
> by default.

(In reply to Arfrever Frehtes Taifersar Arahesis from comment #1)
> Similar renaming of USE flags was for "nopie" -> "pie".

https://bugs.gentoo.org/show_bug.cgi?id=615370

Something like this should be published as a portage news item.
and that should be in that news too: https://bugs.gentoo.org/show_bug.cgi?id=484714
(In reply to jospezial from comment #4)
> and that should be in that news too:
>
> https://bugs.gentoo.org/show_bug.cgi?id=484714

https://gitweb.gentoo.org/data/gentoo-news.git/tree/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt