On Sun, Mar 09, 2014 at 06:50:36AM +0800, Paul Wise wrote:
> On Sat, 2014-03-08 at 18:23 +0100, Florian Weimer wrote:
> > * Moritz Muehlenhoff:
> >
> > > I agree we should stick with dpkg-buildflags until this is fixed upstream.
> > > Gentoo Hardened tried to upstream this a year ago, but apparently this didn't make
> > > the cut yet:
> > > http://gcc.gnu.org/ml/gcc-patches/2012-09/msg00473.html
>
> It looks like the Gentoo Hardened folks addressed all of the concerns of
> the GCC folks but didn't push for the patches to be included after they
> had finished doing that. Perhaps also the GCC folks didn't have time to
> do a full review. The Gentoo Hardened folks say bootstrap was achieved.
>
> > On the other hand, it is somewhat doubtful if we can come up with a
> > one-size-fits-all compile time option. For example, Fedora wants to
> > enable -grecord-gcc-switches, but maybe Debian doesn't (e.g. because
> > it impacts reproducible builds).
>
> It should at least be an option to enable these at GCC compile time so
> that all binaries compiled by GCC use them. As long as GCC supports the
> corresponding command-line options for turning off enabled options at
> runtime, this approach should be viable since upstreams that need these
> flags disabled can do that in their build systems.

I kind of agree here, but Matthias made it clear that upstream inclusion
was a prerequisite (and I'm not sure he's interested in actually pushing
that upstream).

It might be worth contacting Gentoo Hardened people, Ubuntu security
people (although I think Kees Cook was the most active one and he's now
working at Google) and gcc upstream, asking for status and maybe pushing
a little bit forward. But right now I'm not sure that, in Debian, we have
people knowledgeable enough on the intimate gcc behavior to push that
directly.

That's a bit unfortunate.

Regards,
--
Yves-Alexis Perez
Debian security team