List Archive: gentoo-hardened
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Tue, 2004-11-30 at 13:12 +0000, David Cannings wrote:
> The page at http://www.gentoo.org/proj/en/hardened/propolice.xml
> suggests the following regarding SSP:
> "If you would the protection on by default add -fstack-protector to your
> CFLAGS in /etc/make.conf."
> However, this is contradicted by other pages on the hardened project
> website which say USE="hardened" is the correct way. Obviously
> USE="hardened" is correct (as it implies -fstack-protector-all), but the
> above could confuse people.
> I arrived at that page from the grsecurity/PaX documentation at
> http://www.gentoo.org/proj/en/hardened/grsecurity2.xml, I can't see it
> linked elsewhere but I haven't looked exhaustively.
> The rest of the documentation is great, it seems the Gentoo documents
> cover more than the grsecurity ones in some aspects. I've now got a
> kernel with PaX/grsecurity and I'm just rebuilding world to get SSP.
Unfortunately that propolice document is outdated in several aspects and
shouldn't be linked by any current documents so thanks for pointing this
out. I am in the process of writing a more complete and up-to-date SSP
guide that will replace that guide in the future.
For now the most up-to-date explanation regarding turning on SSP
building is probably in the Hardened FAQ:
Adam Mondl <tocharian@...>
signature.asc (This is a digitally signed message part)