
#1 2019-10-30 16:32:10

ua4000
Member
Registered: 2015-10-14
Posts: 182

GCC C++17 --> recompile all packages ?

c't 23/2019, p. 64, Linux: Ubuntu 19.10 (translated from German):

The GNU Compiler Collection (GCC) jumps to version 9, released in the spring, which fully supports C++17; in addition, the Ubuntu developers now use the GCC security features Stack Clash Protection and Intel CET by default when compiling packages. For comparison: Fedora has shipped the compiler since April and has been using the two security techniques for a year and a half.


Applied to Arch, this sounds like it would be a good idea to recompile all Arch packages now?
Even with a rolling distro, we have a lot of very old packages in the repo, I think.


#2 2019-10-30 17:37:42

loqs
Member
Registered: 2014-03-06
Posts: 9,062

Re: GCC C++17 --> recompile all packages ?

What hardware, if any, supports CET?
Stack clash already helped Fedora reduce the severity of issues with systemd's use of alloca from arbitrary code execution down to denial of service.
Edit:
glibc already enables CET.

Last edited by loqs (2019-10-30 17:39:04)


#3 2019-10-31 13:45:20

Nickolas0
Member
Registered: 2019-02-16
Posts: 23

Re: GCC C++17 --> recompile all packages ?

No hardware on the market supports CET, so this option is just a NOOP (or even worse, as it could have a negative perf impact).

This was recently discussed on Twitter: https://twitter.com/_tsuro/status/1188445546031341568
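
To see which installed binaries actually carry the CET marking discussed in this thread, the sketch below (an added example, not written by any poster here) parses the `.note.gnu.property` note that the toolchain emits for objects built with GCC's `-fcf-protection` and reports the IBT and SHSTK bits. It assumes little-endian ELF64 files; `SAMPLE_NOTE` is a constructed note and the function names are this example's own.

```python
import struct
import sys

PT_NOTE, PT_GNU_PROPERTY = 4, 0x6474E553
NT_GNU_PROPERTY_TYPE_0, GNU_PROPERTY_X86_FEATURE_1_AND = 5, 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}  # the two halves of Intel CET
# Constructed sample: one "GNU" property note declaring IBT and SHSTK.
SAMPLE_NOTE = struct.pack("<III4sIII4x", 4, 16, 5, b"GNU\0", 0xC0000002, 4, 0x3)

def _up(n, align):
    return (n + align - 1) // align * align

def cet_from_notes(notes, align=8):
    """Walk a little-endian note area and return the CET features it declares."""
    found, off = set(), 0
    while off + 12 <= len(notes):
        namesz, descsz, ntype = struct.unpack_from("<III", notes, off)
        name = notes[off + 12:off + 12 + namesz]
        p = _up(off + 12 + namesz, align)
        end = p + descsz
        if end > len(notes):
            break  # truncated or malformed note: stop rather than over-read
        while ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0" and p + 8 <= end:
            pr_type, pr_datasz = struct.unpack_from("<II", notes, p)
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4 and p + 12 <= end:
                bits = struct.unpack_from("<I", notes, p + 8)[0]
                found |= {n for b, n in FEATURE_BITS.items() if bits & b}
            p = _up(p + 8 + pr_datasz, 8)  # ELF64 pads each property to 8 bytes
        off = _up(end, align)
    return found

def cet_from_elf(path):
    """Collect CET markings from the note segments of an ELF64 file."""
    data = open(path, "rb").read()
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_phoff = struct.unpack_from("<Q", data, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    found = set()
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz, _, p_align = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type in (PT_NOTE, PT_GNU_PROPERTY):
            found |= cet_from_notes(data[p_offset:p_offset + p_filesz],
                                    8 if p_align == 8 else 4)
    return found

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, sorted(cet_from_elf(path)) or "no CET marking")
```

Passing file paths on the command line prints the marking for each. The linker ANDs these bits across all input objects, so a binary without them was either built without the option or linked against at least one unmarked object.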
