Bug 615370

Summary: sys-devel/gcc: Changes from "nopie" to "pie" and from "nossp" to "ssp" in gcc >=6 change defaults to off
Product: Gentoo Linux
Reporter: Hanno Böck <hanno>
Component: Current packages
Assignee: Gentoo Toolchain Maintainers <toolchain>
Status: RESOLVED FIXED
Severity: normal
CC: arfrever.fta, bitlord0xff, dilfridge, pageexec, sping
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=484714
Whiteboard:
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2017-04-12 15:45:53 UTC
I noticed that with gcc 6 the compiler no longer uses stack protection by default. This is due to a change in the use flags.

With gcc 4 and 5 this is on by default and controlled with a flag nossp to switch it off. However, in gcc 6 this is changed to an ssp use flag and it's default off.

While avoiding no* useflags is imho good, I think disabling ssp is a step back. When feasible, security features should default to on (and we had default stack protection for quite a while). So I propose to change it to +ssp, so the default is still to have a gcc which enables stack protection by default.
Comment 1 Arfrever Frehtes Taifersar Arahesis 2017-05-06 07:37:13 UTC
A similar renaming of USE flags was done for "nopie" -> "pie".
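A way to check which defaults an installed compiler actually has, added here as an example and not part of the bug report or of Gentoo's tooling: GCC predefines `__SSP__`, `__SSP_ALL__`, `__SSP_STRONG__` or `__SSP_EXPLICIT__` when stack protection is active and `__PIE__`/`__pie__` when PIE code generation is active, so dumping the predefined macros with no `-f` options shows the built-in defaults. The function names and the sample macro dumps are constructed for illustration.

```shell
#!/bin/sh
# Classify default hardening from a predefined-macro dump read on stdin
# (the output of `cc -dM -E - </dev/null`).
# Prints e.g. "ssp=on(strong) pie=on" or "ssp=off pie=off".
classify_defaults() {
    awk '
        $1 == "#define" && $2 == "__SSP__"          { ssp = "on(basic)" }
        $1 == "#define" && $2 == "__SSP_ALL__"      { ssp = "on(all)" }
        $1 == "#define" && $2 == "__SSP_STRONG__"   { ssp = "on(strong)" }
        $1 == "#define" && $2 == "__SSP_EXPLICIT__" { ssp = "on(explicit)" }
        $1 == "#define" && ($2 == "__PIE__" || $2 == "__pie__") { pie = "on" }
        END {
            if (ssp == "") ssp = "off"
            if (pie == "") pie = "off"
            printf "ssp=%s pie=%s\n", ssp, pie
        }'
}

# Query a real compiler with no -f flags, so only its built-in defaults apply.
# $1 is the compiler driver to test (defaults to "cc"); returns 2 if it cannot run.
check_compiler() {
    dump=$("${1:-cc}" -dM -E - </dev/null 2>/dev/null) ||
        { echo "error: cannot run ${1:-cc}" >&2; return 2; }
    printf '%s\n' "$dump" | classify_defaults
}

# Return non-zero when either default is off (usable in CI or after a gcc upgrade).
require_hardened() {
    result=$(check_compiler "$1") || return 2
    case "$result" in
        *ssp=off*|*pie=off*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample dumps (not captured from a real system).
SAMPLE_HARDENED='#define __SSP_STRONG__ 3
#define __pie__ 2
#define __PIE__ 2
#define __GNUC__ 6'
SAMPLE_PLAIN='#define __GNUC__ 6
#define __linux__ 1'

printf '%s\n' "$SAMPLE_HARDENED" | classify_defaults   # hardened sample
printf '%s\n' "$SAMPLE_PLAIN" | classify_defaults      # unhardened sample
check_compiler "${CC:-cc}" || true                     # the local compiler, if any
```
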
Comment 2 William Hubbs gentoo-dev 2017-05-06 18:07:39 UTC
This should fix the issue.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4000cdde4281ffef9b61da83f16a30547131259a
Comment 3 jospezial 2017-05-06 21:53:43 UTC
(In reply to Hanno Boeck from comment #0)
> I noticed that with gcc 6 the compiler no longer uses stack protection by
> default. This is due to a change in the use flags.
> 
> With gcc 4 and 5 this is on by default and controlled with a flag nossp to
> switch it off. However in gcc 6 this is changed to a ssp use flag and it's
> default off.
> 
> While avoiding no* useflags is imho good, I think disabling ssp is a step
> back. When feasible security features should default to on (and we had
> default stack protection for quite a while). So I propose to change it to
> +ssp, so the default is still to have a gcc which enables stack protection
> by default.

(In reply to Arfrever Frehtes Taifersar Arahesis from comment #1)
> Similar renaming of USE flags was for "nopie" -> "pie".
https://bugs.gentoo.org/show_bug.cgi?id=615370

Something like this should be a Portage news item.
Comment 4 jospezial 2017-05-06 21:55:43 UTC
And that should be in that news too:

https://bugs.gentoo.org/show_bug.cgi?id=484714
Comment 5 Matthias Maier gentoo-dev 2017-05-07 00:50:29 UTC
(In reply to jospezial from comment #4)
> and that should be in that news too:
> 
> https://bugs.gentoo.org/show_bug.cgi?id=484714

https://gitweb.gentoo.org/data/gentoo-news.git/tree/2014-06-15-gcc48_ssp/2014-06-15-gcc48_ssp.en.txt