You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by Aaron Wood <aa...@verizon.com> on 2016/11/29 16:26:01 UTC

Re: Review Request 52695: Harden libprocess

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52695/
-----------------------------------------------------------

(Updated Nov. 29, 2016, 4:26 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
-------

Changed version of macro to work with CentOS 6.


Bugs: MESOS-6229
    https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description (updated)
-------

Add hardened flags for libprocess.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 which breaks on CentOS 6.


Diffs (updated)
-----

  3rdparty/libprocess/Makefile.am 7131989 
  3rdparty/libprocess/configure.ac e65e5ca 
  3rdparty/libprocess/m4/ax_check_compile_flag.m4 PRE-CREATION 

Diff: https://reviews.apache.org/r/52695/diff/


Testing
-------

Compared the benchmarks with and without the flags being used. Also did a comparsion with the flags being used with and without optimizations and without the flags being used with and without optimizations. Overall the performance hit was very small with a 3-8% overhead (optimizations brings this down slightly). Most benchmarks were about 5% (or less) slower.


File Attachments
----------------

--enable-optimized with hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/875c9e6e-c73b-4e3c-8265-0f7c6dc00351__hardened-optimized.txt
Hardening applied but no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/932d28a7-2d31-471a-b438-647841a6853c__hardened-unoptimized.txt
--enable-optimized with no hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/896944ea-9b31-4d62-b1b9-97fb4700a882__optimized.txt
No hardening applied and no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/b32667ce-3e3b-4d2b-b4f8-4c2404a0fc1c__unoptimized.txt


Thanks,

Aaron Wood

Re: Review Request 52695: Harden libprocess

Posted by Aaron Wood <aa...@verizon.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52695/
-----------------------------------------------------------

(Updated Nov. 30, 2016, 8:52 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
-------

Don't warn when stack protection isn't used.


Bugs: MESOS-6229
    https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
-------

Add hardened flags for libprocess.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 which breaks on CentOS 6.


Diffs (updated)
-----

  3rdparty/libprocess/Makefile.am 9d496b8 
  3rdparty/libprocess/configure.ac e65e5ca 
  3rdparty/libprocess/m4/ax_check_compile_flag.m4 PRE-CREATION 

Diff: https://reviews.apache.org/r/52695/diff/


Testing
-------

Compared the benchmarks with and without the flags being used. Also did a comparsion with the flags being used with and without optimizations and without the flags being used with and without optimizations. Overall the performance hit was very small with a 3-8% overhead (optimizations brings this down slightly). Most benchmarks were about 5% (or less) slower.


File Attachments
----------------

--enable-optimized with hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/875c9e6e-c73b-4e3c-8265-0f7c6dc00351__hardened-optimized.txt
Hardening applied but no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/932d28a7-2d31-471a-b438-647841a6853c__hardened-unoptimized.txt
--enable-optimized with no hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/896944ea-9b31-4d62-b1b9-97fb4700a882__optimized.txt
No hardening applied and no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/b32667ce-3e3b-4d2b-b4f8-4c2404a0fc1c__unoptimized.txt


Thanks,

Aaron Wood

Re: Review Request 52695: Harden libprocess

Posted by Aaron Wood <aa...@verizon.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52695/
-----------------------------------------------------------

(Updated Nov. 30, 2016, 5:12 p.m.)


Review request for mesos, James Peach, Michael Park, and Neil Conway.


Changes
-------

Fixed newline issue in the macro.


Bugs: MESOS-6229
    https://issues.apache.org/jira/browse/MESOS-6229


Repository: mesos


Description
-------

Add hardened flags for libprocess.
Take compile flag macro at 391cb680171d3889965b1ead43d3a326c913bc25.
The macro at 1a869696e4129279f7b99c3f9052717354b79a86 requires autoconf 2.64 which breaks on CentOS 6.


Diffs (updated)
-----

  3rdparty/libprocess/Makefile.am 9d496b8 
  3rdparty/libprocess/configure.ac e65e5ca 
  3rdparty/libprocess/m4/ax_check_compile_flag.m4 PRE-CREATION 

Diff: https://reviews.apache.org/r/52695/diff/


Testing
-------

Compared the benchmarks with and without the flags being used. Also did a comparsion with the flags being used with and without optimizations and without the flags being used with and without optimizations. Overall the performance hit was very small with a 3-8% overhead (optimizations brings this down slightly). Most benchmarks were about 5% (or less) slower.


File Attachments
----------------

--enable-optimized with hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/875c9e6e-c73b-4e3c-8265-0f7c6dc00351__hardened-optimized.txt
Hardening applied but no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/932d28a7-2d31-471a-b438-647841a6853c__hardened-unoptimized.txt
--enable-optimized with no hardening applied
  https://reviews.apache.org/media/uploaded/files/2016/11/02/896944ea-9b31-4d62-b1b9-97fb4700a882__optimized.txt
No hardening applied and no --enable-optimized
  https://reviews.apache.org/media/uploaded/files/2016/11/02/b32667ce-3e3b-4d2b-b4f8-4c2404a0fc1c__unoptimized.txt


Thanks,

Aaron Wood