Summary: | www-client/chromium : use -fstack-protector-all instead of -fstack-protector --param=ssp-buffer-size=4 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
Component: | Current packages | Assignee: | Chromium Project <chromium> |
Status: | RESOLVED WONTFIX | ||
Severity: | enhancement | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-02-22 18:54:30 UTC
(In reply to Agostino Sarubbo from comment #0) > In gentoo hardened we are using -fstack-protector-all that is stronger than > -fstack-protector --param=ssp-buffer-size=4 This means hardened chromium will get -fstack-prtector-all, right? This bug seems to ask for change of default for everyone. Please see http://lwn.net/Articles/584225/ . When -fstack-protector-strong is widely available in Gentoo we can switch to it. In fact, the options you've mentioned come from upstream. (In reply to Paweł Hajdan, Jr. from comment #1) > This means hardened chromium will get -fstack-prtector-all, right? Do you mean if chromium on gentoo hardened is compiled with -fstack-protector-all? Yes. > Please see http://lwn.net/Articles/584225/ . When -fstack-protector-strong > is widely available in Gentoo we can switch to it. In fact, the options > you've mentioned come from upstream. I know that. I just do not see any performance issue with -fstack-protector-all. Why is chromium so special that we should change the default CFLAGS for all of its users? (In reply to Mike Gilbert from comment #3) > Why is chromium so special that we should change the default CFLAGS for all > of its users? as one of the mostly used browser, I'd like to see it as full-hardened. is there an option to use -fstack-protector-all on chromium meanwhile ? via an ebuild change ? (In reply to Matt from comment #5) > is there an option to use -fstack-protector-all on chromium meanwhile ? Just add it to CXXFLAGS. You can use package.env to do that on a per-package basis. (In reply to Mike Gilbert from comment #3) > Why is chromium so special that we should change the default CFLAGS for all > of its users? (In reply to Mike Gilbert from comment #6) > Just add it to CXXFLAGS. You can use package.env to do that on a per-package > basis. Yup. I don't think doing something different than upstream is warranted in this case. |