Received: by 10.223.185.116 with SMTP id b49csp1480624wrg; Sun, 11 Feb 2018 13:07:03 -0800 (PST) X-Google-Smtp-Source: AH8x2248JNwlf6FSqqMyNz7EogTl6mri+voWPS0LNZ7fMBc/bG4Ff8H503lDyLjME+3Pe6uPjqqX X-Received: by 10.99.185.78 with SMTP id v14mr7836350pgo.112.1518383222926; Sun, 11 Feb 2018 13:07:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518383222; cv=none; d=google.com; s=arc-20160816; b=o1oGneKkv/lTzhdDyP1xH9jJdut7Vs6wdSVGBp4LFa4w2w93BlNssmvYOzCqD8B+Tk BJK45Z3347P+sbvK0kkkaDm0uXmZZdAQfOEQOnHdhgv5T3GSCicF/MD7XCm/wHm/2DhR q/xWHAYkQYLFFSajHEUATCHSweMZKuARL8SKDoaKYACMJM4+hsGZPadfhBV5anQ3JbZq PiVkt99mxsLTBPM0F7p1vK9OON7YZqwuO3ePoPQxE4agr0z1EekvQ3v54FwnsnvHyA7w vSA66cM1UqeN1YY0tWIzM4O0mdt5fXBlmRoO/0EmGdVZe0kD42gbFZ13sMhGqEjeJR7i Tkog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=; b=X4ZQSRIyLdj84P8WUVUNAja2387xtHeUYbqlKZzqB4qRAEk5k274b2LxegvOQwnn3a j8ocskqPtZqjzzqhUFZd7gXsKqowmeh8ZseO/pkH93a31GtkQQYjLvSD93ycqOccmXHD 5zKIVjkirLSc1gqhfuS3BT/YeHQPEFmZbKpkwRICA7szPHpjlLsl9w69m+T8lBZwBV76 /t+q6U43eaL8XwsAkVhlfcdnHQ1uM8h7gazS8dVPRL51LDzLY/Of5UJuBFwHPyucHmQV m4yb/9mqZANrII+NkmaEY5t2HypsxSlBtXBtPbocLNR0S7dre8/6PmH49pv51UQk1oTv MsUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=cn+04PTi; dkim=fail header.i=@chromium.org header.s=google header.b=dwewu+BI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q188si46527pga.444.2018.02.11.13.06.48; Sun, 11 Feb 2018 13:07:02 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=cn+04PTi; dkim=fail header.i=@chromium.org header.s=google header.b=dwewu+BI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932181AbeBKVFR (ORCPT + 99 others); Sun, 11 Feb 2018 16:05:17 -0500 Received: from mail-vk0-f44.google.com ([209.85.213.44]:41640 "EHLO mail-vk0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753689AbeBKVFP (ORCPT ); Sun, 11 Feb 2018 16:05:15 -0500 Received: by mail-vk0-f44.google.com with SMTP id g186so7777350vkd.8 for ; Sun, 11 Feb 2018 13:05:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=; b=cn+04PTiaabl+rPxQkeRxU2xjnCXNIb1u9hix4pI6jkMdCWCqh6SdPeDqT1I2VvOXT dyaKu/NhrgP4PakrMU3/G/Pbl+Ytd9MRGMwHgJl16oxc4+Y5JSjE8bQyHvtWkpPg1XRc xF1Ejw843rk/1NDiEehssa+T8xCKlngoeRKVw6mZyyjDXbxPKNy/Vg4plL2G8VfcC6mA cRdPPMbMTWNr06nKoMnAAZWP4UJSqK08Dp4V9C8/6lx8jAV7xhAh1k7eBEVzkkHarD2x xjeAOiPJCEDOgVW2Qjnv/r1lVpQqTXxo0SgvSSbyGYWSdEBZArRmtveyDWTb62hHwIBr ym5g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=; b=dwewu+BIir9TaV1zcpuEhmDNBTKe8/sPsicHWlb1T9J1pnUR/eZjBuBJkdd125+dN7 NPbz5iAQg1VauR721L1EzNc5dAtG/Wvc5MpGQOvEgaoAHCqJj5sf3+PeHy/BTKvYhXAB bR3NBsPaROWkPRht4CHVB45wZdRuMJi3T6djg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=; b=UctEIsbhFgYAxOwy+hG4Sm0g+E4rT5mHd7G6t0Sto6/Gc9zSxHQVhDC/5TN/7ReiL7 9QCozOoupUIKHEmXJ2LJFSduzHPzvpWxN7/wi7OtCJyhCrKoTLU7M5puaDvNlMN3V8su GERZTQP5nx0BfJR1LADes2Ea4GFww+3z3QYngE7iYWsO3fYFbBDNUhT44lMuMHigrycf xrWkQPpaZHILBP9VEQyRcXvUDQUsVpBXt2sosByt2An/PcbLAaN03nBAVzGFeSXfk0ru b88CQJBd7TEUNtcpqSdiuGcdnrmCzdirCdDUzBfyM6dm90ERBd2PCqACsECBH4QNT8lk xC4Q== X-Gm-Message-State: APf1xPD02mqSqGu4V+dJHvM+vVr6KDRLHQlH7b2Ps6sEAExZkg3MJOOc hJ5U6RsJIbyN3PBIeEqNa9f/akw5a17gI4pnwDad1Q== X-Received: by 10.31.204.131 with SMTP id c125mr3835995vkg.127.1518383114008; Sun, 11 Feb 2018 13:05:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.67.196 with HTTP; Sun, 11 Feb 2018 13:05:12 -0800 (PST) In-Reply-To: References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator> <20180210085519.737ckf4bcl57h4g2@huvuddator> <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> From: Kees Cook Date: Sun, 11 Feb 2018 13:05:12 -0800 X-Google-Sender-Auth: AZz1zB_JckftYhNmmyT3m2gz5wQ Message-ID: Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell= To: Ulf Magnusson Cc: Linus Torvalds , Masahiro Yamada , Linux Kbuild mailing list , Greg Kroah-Hartman , Andrew Morton , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390 , Jiri Kosina , Linux Kernel Mailing List , Tejun Heo , Ingo Molnar , "Van De Ven, Arjan" , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Feb 11, 2018 at 10:34 AM, Ulf Magnusson wrote: > On Sun, Feb 11, 2018 at 6:56 PM, Kees Cook wrote: >> Old? That's not the case. The check for -fno-stack-protector will >> likely be needed forever, as some distro compilers enable >> stack-protector by default. So when someone wants to explicitly build >> without stack-protector (or if the compiler's stack-protector is >> detected as broken), we must force it off for the kernel build. > > What I meant is whether it makes sense to test if the > -fno-stack-protector option is supported. Can we reasonably assume > that passing -fno-stack-protector to the compiler won't cause an > error? That isn't something I've tested; but I can check if it's useful. > Is it possible to build GCC with no "no stack protector" support? Do > we need to support any compilers that would choke on the > -fno-stack-protector flag itself? > > If we can reasonably assume that passing -fno-stack-protector is safe, > then CC_HAS_STACKPROTECTOR_NONE isn't needed. Well, there are two situations: - does the user want to build _without_ stack protector? (which is something some people want to do, no matter what I think of it) - did _AUTO discover that stack protector output is broken? In both cases, we need to pass -fno-stack-protector in case the distro compiler was built with stack protector enabled by default. -Kees -- Kees Cook Pixel Security