While SSP is really good for security purpose, I'd expect that with CFLAGS="-fno-stack-protector" the package should not have stack protection. In this case the file /sbin/init has stack protection. To check you can use: checksec --file /sbin/init
src/Makefile has this line: override CFLAGS += -ansi -fomit-frame-pointer -fstack-protector-strong -W -Wall -Wunreachable-code -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -D_XOPEN_SOURCE -D_GNU_SOURCE -DVERSION=\"$(VERSION)\" Some users might want to use -fstack-protector-all, so forcing -fstack-protector-strong decreases stack protection level for them :( .
Created attachment 568370 [details, diff] Patch
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ea715e600364ec22e461a4ca77536004ed6a0b8 commit 6ea715e600364ec22e461a4ca77536004ed6a0b8 Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2019-03-10 03:04:27 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2019-03-15 13:19:09 +0000 sys-apps/sysvinit: Do not force -fstack-protector-strong. Fixes: https://bugs.gentoo.org/679504 Signed-off-by: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> sys-apps/sysvinit/sysvinit-2.94.ebuild | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
