List:       gentoo-dev
Subject:    Re: [gentoo-dev] Stack smash protected daemons [blah]
From:       Kumba <kumba () gentoo ! org>
Date:       2004-09-26 17:25:44
Message-ID: 4156FB97.2020803 () gentoo ! org

This thread has been going on too long.

The way I see it, there are two sides to this:  Those who want SSP on by 
default, and those who don't.  The question is, who has the better proposal?

The answer is neither does.

I'm an SSP user, having used it more or less since I first heard about it from 
solar.  I use it on x86 and sparc64, and have had absolutely no problems with 
it.  I don't use it on mips because mips is still a bit of an experimental 
arch.  We've got three ABIs to deal with, and because SSP changes code 
generation just a little, there is always the possibility of something weird 
going on.  That doesn't mean, however, that we'll never use it on mips.

The problem inherent with SSP, however, is it doesn't get a lot of attention. 
That is, few users truly know about it.  This is largely why users don't 
actively use it, and why some are wary of using it.  Even those that know of 
it sometimes don't know how it works (which is me to some extent).

The solution, as I see it, is not to forcefully turn it on or turn it off 
automatically on a distro-wide scale, but rather to educate users about it, 
what it does, and why it can be beneficial.  How this is done is really not my 
area, probably it deserves its own section in the Handbook, maybe we should 
drop a rather noticeable bit in the make.confs for archs it is fully tested on.

I do believe SSP to be a good thing, and one that should be used whenever 
possible, but Gentoo is about choice.  Turning on SSP by default goes against 
that choice, which is probably why some oppose SSP quite a bit.  So rather 
than have this thread carry on about the pros and cons of SSP, how about 
someone cook up a unidiff against the make.confs of known working archs (i.e., 
x86 & sparc64), and a unidiff against our docs that gives SSP the appropriate 
coverage and education it deserves.  It probably doesn't fully address what 
either side wants, but it's something a lot more productive than arguing about it.


--Kumba

-- 
"Such is oft the course of deeds that move the wheels of the world: small 
hands do them because they must, while the eyes of the great are elsewhere." 
--Elrond

--
gentoo-dev@gentoo.org mailing list
