
List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] Firefox won't compile on hardened profile
From:       "Tóth Attila" <atoth () atoth ! sote ! hu>
Date:       2012-02-19 23:24:14
Message-ID: 2b27da13aa262f10fedfbf268d6defa3.squirrel () atoth ! sote ! hu

Thanks for the link! It's clear now. You need a recent CPU and a recent
gcc to trigger this.
-- 
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

On Sunday, February 19, 2012, at 23:01, Hinnerk van Bruinehsen wrote:
> On 19.02.2012 20:06, "Tóth Attila" wrote:
>> The email I replied to was originally posted by "Hinnerk van
>> Bruinehsen".
>>
>> Let's see my question in detail, that might clarify it. Here is
>> the part of the ebuild I'm asking questions about:
>>
>> "
>> if [[ $(gcc-major-version) -lt 4 ]]; then
>>     append-cxxflags -fno-stack-protector
>> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>>     if use amd64 || use x86; then
>>         append-flags -mno-avx
>>     fi
>> fi
>> "
>>
>> Break it down:
>>
>> "
>> if [[ $(gcc-major-version) -lt 4 ]]; then
>>     append-cxxflags -fno-stack-protector
>> "
>> The first part is a historical remnant from
>> times before Zorry. We used gcc-3.4.6 for a long time. It used a
>> different implementation for SSP.
>>
>> "
>> elif [[ $(gcc-major-version) -gt 4 || $(gcc-minor-version) -gt 3 ]]; then
>>     if use amd64 || use x86; then
>>         append-flags -mno-avx
>>     fi
>> fi
>> "
>>
>> The second part disables avx optimisations if the gcc version is
>> newer than 4.3. However, avx support hasn't been around for long and it's
>> not mature. Avx is an instruction set extension that is getting
>> some attention lately. I'm lucky to have a system with a capable
>> processor. The block disabling the optimisations resides right
>> beside the stack-protector statement. That's why I thought some
>> hardened folks put it there. And I'm curious about the reason.
>>
>> Of course it might be simply there, because enabling avx
>> optimizations can actually decrease performance. Like you can see
>> it here:
>> http://www.phoronix.com/scan.php?page=article&item=intel_avx_gcc&num=1
>>
>> Security is more important for me compared to speed. That's why
>> I'm interested in any security effect of a compiler option (like
>> creating textrels or so). If it's a security problem, I won't use
>> corei7-avx, but rather go for simple corei7.
>>
>> Regards: Dw.
>
> Update: according to [1] it's not security related, but a bug with
> mozilla and the avx-extensions. It simply doesn't work together. Since
> I have no Sandy Bridge CPU I'm not able to test anything else...
>
>
>
>
> [1] http://forums.gentoo.org/viewtopic-t-893300-start-0.html
>


