Travis Tilley wrote:
| ...ok, once again not really, but i can't use that trick to get people's
| attention after today so i figured i might as well use it twice. :)
|
| recent gcc ebuilds have been patched to recognise an environment
| variable, GCC_SPECS, that sets which specs-file should be used. the gcc
| 3.4.2-r2 ebuild also builds both hardened and non-hardened specs files
| for all users (though it doesn't make hardened the default specs file for
| non-hardened users).
|
| so, what does this mean? it means that everyone can now assist in fixing
| hardened toolchain related bugs in the packages they maintain without
| having to recompile gcc to get a hardened toolchain up. good stuff, eh? :)
|
| ayanami root # gcc main.c -o main ; file main
| main: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for
| GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped
|
| ayanami root # export GCC_SPECS=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.2/hardened.specs
|
| ayanami root # gcc main.c -o main ; file main
| main: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not
| stripped
|
| so now, for anyone interested, helping with hardened now requires the
| absolute minimum effort possible and shouldn't be a pain for devs who
| don't want to have a full hardened install. go team! *high-fives Rob
| Holland for writing the patch*
|
| patched ebuilds:
| gcc-3.3.4-r2
| gcc-3.4.1-r3
| gcc-3.4.2-r2
|
| Travis Tilley
| Gentoo/AMD64
|
| --
| gentoo-dev@g.o mailing list
|

let's add support for this switching into gcc-config and that way people
won't have to remember the full path to the spec file... it'd know it
based on the profile info.

--
Doug Goldstein
http://dev.gentoo.org/~cardoe

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x179106D0
Key fingerprint = 7001 5FBF BACE 9E66 3A1C 55E0 161C FF5C 1791 06D0

--
gentoo-dev@g.o mailing list
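
The two `file main` results quoted above differ because the build with the hardened specs file is an ELF of type ET_DYN rather than ET_EXEC. The shell script below is an added example, not code from this thread or from Gentoo; it reads that header field directly so the result of a GCC_SPECS build can be checked from a script. The names `elf_kind`, `built_hardened` and `make_hdr` are hypothetical, and `make_hdr` only writes constructed header bytes for testing.

```sh
#!/bin/sh
# Added example, not from the thread. Reads e_type from the ELF header: the
# field behind file(1)'s "executable" (ET_EXEC=2) vs "shared object" (ET_DYN=3).

# elf_kind FILE: print ET_EXEC, ET_DYN, other:<n> or not-elf.
elf_kind() {
    # e_ident[16] plus the 2-byte e_type, as 18 decimal byte values.
    set -- $(od -An -v -tu1 -N18 "$1" 2>/dev/null)
    [ $# -eq 18 ] || { echo not-elf; return 1; }          # missing or too short
    [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo not-elf; return 1; }  # \177ELF
    case $6 in                                   # e_ident[EI_DATA]
        1) kind=$(( ${17} + 256 * ${18} )) ;;    # little-endian e_type
        2) kind=$(( ${17} * 256 + ${18} )) ;;    # big-endian e_type
        *) echo not-elf; return 1 ;;
    esac
    case $kind in
        2) echo ET_EXEC ;;
        3) echo ET_DYN ;;
        *) echo "other:$kind" ;;
    esac
}

# built_hardened FILE: succeed only if FILE is ET_DYN, like the second build
# in the quoted session. A real .so is ET_DYN too, so use this on programs only.
built_hardened() {
    [ "$(elf_kind "$1")" = ET_DYN ]
}

# Constructed sample input: write an 18-byte ELF header prefix to $1.
# $2 = EI_DATA (1 or 2); $3 $4 = the e_type bytes in file order, 3-digit octal.
make_hdr() {
    printf "\\177ELF\\002\\00$2\\001\\000\\000\\000\\000\\000\\000\\000\\000\\000\\$3\\$4" > "$1"
}

# Stand-alone use: sh elfkind.sh main   (prints the kind of each file named)
for path in "$@"; do
    printf '%s: %s\n' "$path" "$(elf_kind "$path")"
done
```

Run against the two builds from the quoted session, the first `main` would report ET_EXEC and the one built with GCC_SPECS set would report ET_DYN.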