1 |
On Sun, 2004-07-18 at 21:50, Barry Dunn wrote: |
2 |
> Hi, I've converted a recent install to hardened (USE=hardened, changed |
3 |
> the profile to hardened-x86-2004.0, emerge gcc binutils glibc && emerge |
4 |
> -e world, using hardened-dev-sources-2.6.7-r3) and now cpufreqd won't |
5 |
> start, it segfaults every time. I will be using grsec/pax but have |
6 |
> removed them from the kernel for now, cpufreqd is still the same though. |
7 |
> |
8 |
> Guess I need to post a bug report, just thought I'd see if anyone had |
9 |
> any suggestions first on things to try. There's an strace below fwiw. |
10 |
> |
11 |
|
12 |
|
13 |
> Now that flags like -pie and -fstack-protector are deprecated in favour |
14 |
> of the hardened use flag, can anyone tell me how best to disable |
15 |
> hardened stuff when compiling particular packages, to work around any |
16 |
> problem like this? (I confess I'm not too clear on what all the compiler |
17 |
> options do or how they interrelate... more reading required.) |
18 |
|
19 |
|
20 |
[snip] |
21 |
|
22 |
# This will disable everything. |
23 |
|
24 |
# -fno-stack-protector-all disables ssp |
25 |
# -fno-pie builds main executables as ET_EXEC |
26 |
|
27 |
CFLAGS="-fno-stack-protector -fno-pie" emerge cpufreqd |
28 |
# for EI_PAX flags |
29 |
chpax -permsx /usr/sbin/cpufreqd |
30 |
# for PT_PAX_FLAGS |
31 |
paxctl -permsx /usr/sbin/cpufreqd |
32 |
|
33 |
-- |
34 |
Ned Ludd <solar@g.o> |
35 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |