621742 – sys-libs/glibc: Always enable stack guard randomization

Bug 621742 - sys-libs/glibc: Always enable stack guard randomization

Summary: sys-libs/glibc: Always enable stack guard randomization

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All All

Importance:	Normal normal (vote)
Assignee:	Gentoo Toolchain Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-06-14 14:59 UTC by Arfrever Frehtes Taifersar Arahesis
Modified:	2017-06-16 08:29 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arfrever Frehtes Taifersar Arahesis 2017-06-14 14:59:44 UTC

I suggest that stack guard randomization be always enabled, instead of only in hardened systems.
I have been using sys-libs/glibc built with stack guard randomization enabled on non-hardened system for 4 months without any problems.
"hardened" USE flag of sys-libs/glibc is currently masked in non-hardened profiles.

--- eclass/toolchain-glibc.eclass
+++ eclass/toolchain-glibc.eclass
@@ -780,7 +780,7 @@
        [[ -d ports ]] && addons+=",ports"
        popd > /dev/null
 
-       myconf+=( $(use_enable hardened stackguard-randomization) )
+       myconf+=( --enable-stackguard-randomization )
        if has_version '<sys-libs/glibc-2.13' ; then
                myconf+=( --enable-old-ssp-compat )
        fi

Comment 1 Matthias Maier gentoo-dev

2017-06-16 08:29:34 UTC

commit 28ec20d517e494deed48497b1c478f5bd4dff1a6
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Date:   Wed Jun 14 17:00:32 2017 +0200

    toolchain-glibc.eclass: Always enable stack guard randomization (bug #621742).
    
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>