On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote:
> On Thu, January 17, 2008 20:57, Ned Ludd wrote:
> >
> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote:

[snip]

> > Note that both of the methods I have shown do not enable SSP in gcc-4.
> >
>
> Thanks for the suggestions.
> BTW: why don't you enable SSP? If
> I would spend my time on separate specs, I would surely go for SSP as well.
|
You are more than welcome to edit the specs for yourself and add the
ssp rules as well. I'm not a big fan of moving forward with ssp myself,
and pie/relro/now is cheap/easy and suits most of my needs, so why not take
advantage of it.

If you want to add ssp to those specs you can probably more or less base
them easily enough off the gcc-3.x specs.

Should/Would look something nearly exactly like this:
|
*cc1_ssp:
%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector
%{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:
-fstack-protector} } } } } }

Then in the *cc1 section change

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie)

to

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie) %(cc1_ssp)
|
> Are there any known problems?

Yes, but please don't ask me to document them for you.

--
gentoo-hardened@l.g.o mailing list
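
The two spec edits described in the message above, scripted as an added example (not code from the original post or from the Gentoo hardened project). `add_ssp_spec` and `sample_specs` are hypothetical helper names, the `*cc1_pie` body in the sample is a constructed placeholder, and the `cc1_ssp` rule text is copied verbatim from the message.

```shell
#!/bin/sh
# Added example (not from the original message): apply the two spec edits
# described above to a GCC specs file.

# cc1_ssp rule text, copied verbatim from the message and joined onto one line.
SSP_RULE='%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all: -fstack-protector} } } } } }'

# add_ssp_spec FILE (hypothetical helper): print the patched specs to stdout.
# FILE is read twice and never modified; running it on its own output is a no-op.
add_ssp_spec() {
    awk -v rule="$SSP_RULE" '
    # Pass 1: note whether a *cc1_ssp section is already defined.
    NR == FNR { if ($0 ~ /^\*cc1_ssp:/) have = 1; next }
    # Pass 2: the line right after "*cc1:" is its body; append the reference once.
    after_cc1 && !index($0, "%(cc1_ssp)") { $0 = $0 " %(cc1_ssp)" }
    { print; after_cc1 = ($0 ~ /^\*cc1:[ \t]*$/) }
    # Sections are separated by blank lines, so add one before the new section.
    END { if (!have) printf "\n*cc1_ssp:\n%s\n\n", rule }
    ' "$1" "$1"
}

# sample_specs (hypothetical helper): constructed input. The *cc1 body is the
# one quoted in the message; the *cc1_pie body is a placeholder, not real specs.
sample_specs() {
    cat <<'EOF'
*cc1_pie:
%{!nopie: -fPIE}

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie)
EOF
}

# Demo: patch the constructed sample and print the result.
tmp=$(mktemp)
sample_specs > "$tmp"
add_ssp_spec "$tmp"
rm -f "$tmp"
```

Because the function only writes to stdout, the patched text can be diffed against the original specs before it is installed.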