On Fri, 2008-01-18 at 21:03 +0100, atoth@××××××××××.hu wrote:
> Hi Solar!
>
> Thank you for sharing all this valuable information with us.
>
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962
>
> On Fri, January 18, 2008 08:16, Ned Ludd wrote:
> >
> > On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote:
> >> On Thu, January 17, 2008 20:57, Ned Ludd wrote:
> >> >
> >> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote:
> >
> > [snip]
> >
> >> > Note: That both of the methods I have shown do not enable SSP in gcc-4.
> >> >
> >>
> >> Thanks for the suggestions.
> >> BTW: why don't you enable SSP? If I would spend my time on separate
> >> specs, I would surely go for SSP as well.
> >
> > You are more than welcome to edit the specs for yourself and add the
> > ssp rules as well. I'm not a big fan of moving forward with ssp myself
> > and pie/relro/now is cheap/easy suits most of my needs so why not take
> > advantage of it..
> >
> > If you want to add ssp to those specs you can probably more or less base
> > them easy enough off the gcc-3.x specs.
> >
> > Should/Would look something nearly exactly like this
> [snip]
> >
> >> Are there any known problems?
> >
> > yes, but please don't ask me to document them for you.
> >
>
> I would never ever ask you for that...
>
> I would rather avoid tampering with eclass functions (using KQ overlay).
> As I can make it out: ssp is built into gcc version 4.1+ taken from the
> regular portage tree. KQ's version discards two patches, but applies a pie
> patch. KQ's glibc installs a handler and takes care of unsupported and
> supported archs.
>
> I'll follow your advice and create some specs for the system. I wonder if
> the spec files from KQ's overlay could be used along with current portage
> toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried
> about the pie patch missing...
>
> What is the reason you are not keen on ssp as a security-focused developer?

Sorry, I should have clarified. What I'm keen on is not talking about
gcc-4.x at all. Really I posted the info here not just for you but for
others who might be looking/searching to do the same thing. More or less
so I would hopefully not have to be bugged about gcc-4.x again for
another 6 months. I really don't like talking about it as it personally
frustrates me. You would have to search our archives here to see when I
let go of maintainership of the hardened-toolchain for more details.

Good luck...

--
Ned Ludd <solar@g.o>
Gentoo Linux

--
gentoo-hardened@l.g.o mailing list