Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 273188

Summary: gcc-4.3.3-r2 should also be masked
Product: Gentoo Linux Reporter: Hongjiu Zhang <voidprayer>
Component: HardenedAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Hongjiu Zhang 2009-06-08 11:40:49 UTC
Using /usr/portage/profiles/hardened/x86 as profile. Notice that /usr/portage/profiles/hardened/package.mask contains =sys-devel/gcc-4.3.2* and =sys-devel/gcc-4.3.3, without an asterisk after 4.3.3. In this way, using this can cause emerge gcc-4.3.3-r2 while using ~x86

Reproducible: Always



Expected Results:  
Really no version 4 of gcc can be emerged before officially unmasked.
Comment 1 Gordon Malm (RETIRED) gentoo-dev 2009-06-08 16:56:18 UTC
It's not a bug.  gcc-4.3.3-r2 is experimental on hardened profile with default enforcement of relro, bind now, pic/pie, fortify_source and -fno-strict-overflow.  SSP has not been integrated yet.
Comment 2 Hongjiu Zhang 2009-06-17 09:22:42 UTC
Sorry to keep on asking for more information. You said that gcc-4.3.3-r2 do not integrate SSP implementation. So if I want to experience gcc:4's SSP, I can only emerge gcc-4.3.2?

And is it recommended to test the gcc-4 SSP on non-critical hardened system, like some nut people' laptops? Is it currently really helpful for official work?
Comment 3 Gordon Malm (RETIRED) gentoo-dev 2009-06-17 15:58:09 UTC
(In reply to comment #2)
> Sorry to keep on asking for more information. You said that gcc-4.3.3-r2 do not
> integrate SSP implementation. So if I want to experience gcc:4's SSP, I can
> only emerge gcc-4.3.2?

No, none of the gcc-4 implementations do SSP by default like hardened gcc-3.4.6 does.

> 
> And is it recommended to test the gcc-4 SSP on non-critical hardened system,
> like some nut people' laptops? Is it currently really helpful for official
> work?
> 

Well yeah.. it's testing/unstable marked right?  So test on non-critical before deploying anywhere else of course.  Yes, it's helpful... if people report successes or bugs they find.