10-24-2010, 01:34 AM
Duncan
 
News item for hardened profile about gcc.

Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:

> Display-If-Install: <sys-devel/gcc-4.4

Typo:

Display-If-Installed:
                  ^^

Meanwhile, the title reflects hardened profiles, but the updated
conditions aren't viewed only on hardened. The no-support-for-<gcc-4
policy would seem reasonable for most profiles (don't know about the
exotic archs). Either the title should be updated to reflect that it
applies in general (not just on hardened), or the condition to display
only on hardened should be maintained. Either way, making it clearer in
the body as well would be wise, so people seeing it only on hardened (if
it applies only to them, for example) will have less chance of missing
that, if they have regular installs as well.

But I don't remember whether multiple conditions are ANDed or ORed; they
should be ANDed here, if it's to apply to ONLY hardened with <gcc-4.4
installed.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
 
10-24-2010, 08:04 AM
Kfir Lavi
 
News item for hardened profile about gcc.

On Sun, Oct 24, 2010 at 3:34 AM, Duncan <1i5t5.duncan@cox.net> wrote:
>
> Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
>
> > Display-If-Install: <sys-devel/gcc-4.4
>
> Typo:
>
> Display-If-Installed:
>                   ^^
>
> Meanwhile, the title reflects hardened profiles, but the updated
> conditions aren't viewed only on hardened. The no-support-for-<gcc-4
> policy would seem reasonable for most profiles (don't know about the
> exotic archs). Either the title should be updated to reflect that it
> applies in general (not just on hardened), or the condition to display
> only on hardened should be maintained. Either way, making it clearer in
> the body as well would be wise, so people seeing it only on hardened (if
> it applies only to them, for example) will have less chance of missing
> that, if they have regular installs as well.
>
> But I don't remember whether multiple conditions are ANDed or ORed; they
> should be ANDed here, if it's to apply to ONLY hardened with <gcc-4.4
> installed.
>
> --
> Duncan - List replies preferred. No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master." Richard Stallman
>
>

Hi all,
After reading this post I went to Wikipedia to read about the SSP.
http://en.wikipedia.org/wiki/Buffer_overflow_protection
At the paragraph "GCC Stack-Smashing Protector (ProPolice)", it's written:

"It was implemented as a patch to GCC 3.x; a less intrusive
reimplementation is included in the GCC 4.1 release. Currently, SSP is
standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04 LTS[3]),
and DragonFly BSD. It is also available in NetBSD (enabled by default
on x86), Debian and Gentoo, disabled by default."

Now this should be changed, if the SSP flag is becoming default.

Regards,
Kfir
 
10-24-2010, 08:13 AM
Ulrich Mueller
 
News item for hardened profile about gcc.

>>>>> On Sun, 24 Oct 2010, Magnus Granberg wrote:

> Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles

Too long. Maximum is 44 characters for the Title, according to GLEP 42.

> Revision: 1.1

This should always start with 1 (and it's one integer number)

> Display-If-Install: <sys-devel/gcc-4.4

s/Install/Installed/

Ulrich
 
10-24-2010, 09:31 AM
Magnus Granberg
 
News item for hardened profile about gcc.

On Sunday 24 October 2010 10.04.34 Kfir Lavi wrote:
> On Sun, Oct 24, 2010 at 3:34 AM, Duncan <1i5t5.duncan@cox.net> wrote:
> > Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
> > > Display-If-Install: <sys-devel/gcc-4.4
> >
> > Typo:
> >
> > Display-If-Installed:
> >                   ^^
> >
> > Meanwhile, the title reflects hardened profiles, but the updated
> > conditions aren't viewed only on hardened. The no-support-for-<gcc-4
> > policy would seem reasonable for most profiles (don't know about the
> > exotic archs). Either the title should be updated to reflect that it
> > applies in general (not just on hardened), or the condition to display
> > only on hardened should be maintained. Either way, making it clearer in
> > the body as well would be wise, so people seeing it only on hardened (if
> > it applies only to them, for example) will have less chance of missing
> > that, if they have regular installs as well.
> >
> > But I don't remember whether multiple conditions are ANDed or ORed; they
> > should be ANDed here, if it's to apply to ONLY hardened with <gcc-4.4
> > installed.
> >
> > --
> > Duncan - List replies preferred. No HTML msgs.
> > "Every nonfree program has a lord, a master --
> > and if you use the program, he is your master." Richard Stallman
>
> Hi all,
> After reading this post I went to Wikipedia to read about the SSP.
> http://en.wikipedia.org/wiki/Buffer_overflow_protection
> At the paragraph "GCC Stack-Smashing Protector (ProPolice)", it's written:
>
> "It was implemented as a patch to GCC 3.x; a less intrusive
> reimplementation is included in the GCC 4.1 release. Currently, SSP is
> standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04 LTS[3]),
> and DragonFly BSD. It is also available in NetBSD (enabled by default
> on x86), Debian and Gentoo, disabled by default."
>
> Now this should be changed, if the SSP flag is becoming default.
>
> Regards,
> Kfir
Updated the news item.
Thanks for the notes Duncan.
@Kfir It is only the hardened gcc that has SSP enabled by default.
We can add that Gentoo (Hardened) has it enabled.

/Magnus
/Magnus
Title: Info about GCC on Hardened profiles
Author: Magnus Granberg <zorry@gentoo.org>
Content-Type: text/plain
Posted: 2010-10-27
Revision: 3
News-Item-Format: 1.0
Display-If-Installed: <sys-devel/gcc-4.4 and hardened

GCC 4.4.4-r2 is now stable in the hardened profiles (on x86 and
amd64 as of 2010-10-24, other architectures will follow later).
Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled
by default.

Older GCC versions in the hardened profiles, such as the
GCC 3.x series will be obsoleted, problems arising on those versions,
but not applying to GCC 4.4.4-r2 will not be fixed, so please update
to the new version.
 
10-24-2010, 09:52 AM
Kfir Lavi
 
News item for hardened profile about gcc.

On Sun, Oct 24, 2010 at 11:31 AM, Magnus Granberg <zorry@gentoo.org> wrote:
> On Sunday 24 October 2010 10.04.34 Kfir Lavi wrote:
>> On Sun, Oct 24, 2010 at 3:34 AM, Duncan <1i5t5.duncan@cox.net> wrote:
>> > Magnus Granberg posted on Sun, 24 Oct 2010 03:01:40 +0200 as excerpted:
>> > > Display-If-Install: <sys-devel/gcc-4.4
>> >
>> > Typo:
>> >
>> > Display-If-Installed:
>> >                   ^^
>> >
>> > Meanwhile, the title reflects hardened profiles, but the updated
>> > conditions aren't viewed only on hardened. The no-support-for-<gcc-4
>> > policy would seem reasonable for most profiles (don't know about the
>> > exotic archs). Either the title should be updated to reflect that it
>> > applies in general (not just on hardened), or the condition to display
>> > only on hardened should be maintained. Either way, making it clearer in
>> > the body as well would be wise, so people seeing it only on hardened (if
>> > it applies only to them, for example) will have less chance of missing
>> > that, if they have regular installs as well.
>> >
>> > But I don't remember whether multiple conditions are ANDed or ORed; they
>> > should be ANDed here, if it's to apply to ONLY hardened with <gcc-4.4
>> > installed.
>> >
>> > --
>> > Duncan - List replies preferred. No HTML msgs.
>> > "Every nonfree program has a lord, a master --
>> > and if you use the program, he is your master." Richard Stallman
>>
>> Hi all,
>> After reading this post I went to Wikipedia to read about the SSP.
>> http://en.wikipedia.org/wiki/Buffer_overflow_protection
>> At the paragraph "GCC Stack-Smashing Protector (ProPolice)", it's written:
>>
>> "It was implemented as a patch to GCC 3.x; a less intrusive
>> reimplementation is included in the GCC 4.1 release. Currently, SSP is
>> standard in OpenBSD, FreeBSD (since 8.0), Ubuntu (since 8.04 LTS[3]),
>> and DragonFly BSD. It is also available in NetBSD (enabled by default
>> on x86), Debian and Gentoo, disabled by default."
>>
>> Now this should be changed, if the SSP flag is becoming default.
>>
>> Regards,
>> Kfir
> Updated the news item.
> Thanks for the notes Duncan.
> @Kfir It is only the hardened gcc that has SSP enabled by default.
> We can add that Gentoo (Hardened) has it enabled.
>
> /Magnus
> /Magnus
>
Ok,
I have modified the SSP section in wikipedia.

Regards,
Kfir
 
10-24-2010, 10:04 AM
Ulrich Mueller
 
News item for hardened profile about gcc.

>>>>> On Sun, 24 Oct 2010, Magnus Granberg wrote:

> Display-If-Installed: <sys-devel/gcc-4.4 and hardened

If I understand portage's logic correctly, then this header will not
work. But you can use Display-If-Installed for the dependency atom and
Display-If-Profile for the profile. Headers of different type will be
linked by a logical and.

> Revision: 3

This should still be 1. Revision should be increased only for changes
to an already committed news item, not during discussion.

Ulrich
 
10-24-2010, 10:23 AM
Magnus Granberg
 
News item for hardened profile about gcc.

On Sunday 24 October 2010 12.04.13 Ulrich Mueller wrote:
> >>>>> On Sun, 24 Oct 2010, Magnus Granberg wrote:
> > Display-If-Installed: <sys-devel/gcc-4.4 and hardened
>
> If I understand portage's logic correctly, then this header will not
> work. But you can use Display-If-Installed for the dependency atom and
> Display-If-Profile for the profile. Headers of different type will be
> linked by a logical and.
>
> > Revision: 3
>
> This should still be 1. Revision should be increased only for changes
> to an already committed news item, not during discussion.
>
> Ulrich
Updated
Thanks Ulrich for the notes.

/Magnus
Title: Info about GCC on Hardened profiles
Author: Magnus Granberg <zorry@gentoo.org>
Content-Type: text/plain
Posted: 2010-10-27
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: <sys-devel/gcc-4.4
Display-If-Profile: hardened/linux

GCC 4.4.4-r2 is now stable in the hardened profiles (on x86 and
amd64 as of 2010-10-24, other architectures will follow later).
Starting from this version, SSP support is enabled by default for the
architectures it is supported on (namely x86, amd64, ppc, ppc64 and
arm). Previously, GCC 4.3.4 had SSP support but it was not enabled
by default.

Older GCC versions in the hardened profiles, such as the
GCC 3.x series will be obsoleted, problems arising on those versions,
but not applying to GCC 4.4.4-r2 will not be fixed, so please update
to the new version.
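
The review comments in this thread (44-character Title limit, integer Revision, the Display-If-Install typo, one atom per Display-If-Installed, AND across header types) written as a small linter; this is an added example, not Portage's code or anything posted by the participants. The OR within a single header type follows GLEP 42 rather than the thread, `KNOWN` is only the subset of headers seen here, and `matches` is a hypothetical caller-supplied predicate.

```python
import re

# Header names seen in this thread (assumption: a subset of what GLEP 42 defines).
KNOWN = {"Title", "Author", "Content-Type", "Posted", "Revision",
         "News-Item-Format", "Display-If-Installed", "Display-If-Profile"}

# Constructed from the header lines quoted in the first review round.
DRAFT_1 = """Title: Info on GCC 4.4.4-r2 and GCC 3.X on Hardened profiles
Revision: 1.1
Display-If-Install: <sys-devel/gcc-4.4

(body omitted)"""

# Headers of the final draft posted in the thread (Author etc. omitted).
DRAFT_FINAL = """Title: Info about GCC on Hardened profiles
Revision: 1
Display-If-Installed: <sys-devel/gcc-4.4
Display-If-Profile: hardened/linux

(body omitted)"""

def parse_headers(text):
    """Return [(name, value)] for the header block before the first blank line."""
    pairs = []
    for line in text.split("\n\n", 1)[0].splitlines():
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs

def lint(text):
    """Return the reviewers' objections that apply to this draft."""
    problems = []
    for name, value in parse_headers(text):
        if name not in KNOWN:
            problems.append(f"unknown header {name!r}")
        elif name == "Title" and len(value) > 44:
            problems.append(f"Title is {len(value)} characters, max 44")
        elif name == "Revision" and not re.fullmatch(r"[0-9]+", value):
            problems.append(f"Revision {value!r} is not one integer")
        elif name == "Display-If-Installed" and " " in value:
            problems.append("Display-If-Installed takes one dependency atom")
    return problems

def is_relevant(text, matches):
    """OR within one Display-If-* type, AND across types; matches() is hypothetical."""
    by_type = {}
    for name, value in parse_headers(text):
        if name.startswith("Display-If-"):
            by_type.setdefault(name, []).append(matches(name, value))
    return all(any(hits) for hits in by_type.values())
```
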
 
10-24-2010, 05:00 PM
7v5w7go9ub0o
 
News item for hardened profile about gcc.

On 10/23/10 20:28, Magnus Granberg wrote:
> Hi
>
> Was thinking to post a news item for the hardened profile about the
> new GCC 4.4.4-r2 that have been stabled on x86 and amd64.

Thank you for this milestone!

"....We have enable SSP support by default on this and on newer versions
for arches where it is supported..........."

As I read the above quote, 4.4.5 and 4.5.x also have SSP support enabled by
default; is this what was meant?

Thanks Again
 
10-24-2010, 08:22 PM
Magnus Granberg
 
News item for hardened profile about gcc.

On Sunday 24 October 2010 19.00.44 7v5w7go9ub0o wrote:
> On 10/23/10 20:28, Magnus Granberg wrote:
> > Hi
> >
> > Was thinking to post a news item for the hardened profile about the
> > new GCC 4.4.4-r2 that have been stabled on x86 and amd64.
>
> Thank you for this milestone!
>
> "....We have enable SSP support by default on this and on newer versions
> for arches where it is supported..........."
>
> As I read the above quote, 4.4.5 and 4.5.x also have SSP support enabled by
> default; is this what was meant?
>
> Thanks Again
Yes, it is what it says.
/Magnus
 
