1 |
Hi Solar! |
2 |
|
3 |
Thank you for sharing all these valuable informations with us. |
4 |
|
5 |
-- |
6 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
7 |
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
8 |
|
9 |
On Pén, Január 18, 2008 08:16, Ned Ludd wrote: |
10 |
> |
11 |
> On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote: |
12 |
>> On Csü, Január 17, 2008 20:57, Ned Ludd wrote: |
13 |
>> > |
14 |
>> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote: |
15 |
> |
16 |
> [snip] |
17 |
> |
18 |
>> > Note: That both of the methods I have shown do not enable SSP in |
19 |
>> gcc-4. |
20 |
>> > |
21 |
>> |
22 |
>> Thanks for the suggestions. |
23 |
>> BTW: why don't you enable SSP? If |
24 |
> |
25 |
> |
26 |
>> I would spend my time on separate specs, I would surely go for SSP as |
27 |
>> well. |
28 |
> |
29 |
> You are more than welcome to edit the specs for yourself and add the |
30 |
> ssp rules as well. I'm not a big fan of moving forward with ssp myself |
31 |
> and pie/relro/now is cheap/easy suits most of my needs so why not take |
32 |
> advantage of it.. |
33 |
> |
34 |
> If you want add ssp to those specs you can probably more or less base |
35 |
> them easy enough off the gcc-3.x specs. |
36 |
> |
37 |
> Should/Would look something nearly exactly like this |
38 |
[snip] |
39 |
> |
40 |
>> Are there any known problems? |
41 |
> |
42 |
> yes, but please don't ask me to document them for you. |
43 |
> |
44 |
|
45 |
I would never ever ask you for that... |
46 |
|
47 |
I would rather avoid tampering with eclass functions (using KQ overlay). |
48 |
As I can make it out: ssp is built into gcc version 4.1+ taken from the |
49 |
regular portage tree. KQ's version discards two patches, but applies a pie |
50 |
patch. KQ's glibc installs a handler and takes care of unsupported and |
51 |
supported archs. |
52 |
|
53 |
I'll follow your advice and create some specs for the system. I wonder if |
54 |
the spec files from KQ's overlay could be used along with current portage |
55 |
toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried |
56 |
about the pie patch missing... |
57 |
|
58 |
What is the reason you are not keen on ssp as a security-focused developer? |
59 |
|
60 |
Again: thx for your efforts. |
61 |
|
62 |
Regards, |
63 |
Dw. |
64 |
|
65 |
-- |
66 |
gentoo-hardened@l.g.o mailing list |