1 |
On Mon, Apr 16, 2018 at 07:53:07PM +0200, Toralf Förster wrote: |
2 |
> On 04/16/2018 11:14 AM, Hanno Böck wrote: |
3 |
> > There's also another question related to this: What's the future for |
4 |
> > Gentoo hardened? |
5 |
> > From what I can tell hardened consists of: |
6 |
> > * the things that try to make it compatible with grsec/pax |
7 |
> > (more or less obsolete). |
8 |
> > * things that are now in default profiles anyway (aslr, stack |
9 |
> > protector). |
10 |
> > * things that probably should be in default profiles (relro, now linker |
11 |
> > flags) |
12 |
> > * -fstack-check, which should eventually be replaced with |
13 |
> > -fstack-clash-protection (only available in future gcc's) and that |
14 |
> > should probably also go into default profiles. |
15 |
> > * Furthermore hardened disables some useful features due to their |
16 |
> > incompatibility with pax (e.g. sanitizers). |
17 |
> |
18 |
> Which let me wonder, what I would lose today by a switch from |
19 |
> 17.0-hardened + USE-flags to 17.0/desktop/plasma at my KDE desktop? |
20 |
|
21 |
Right now, the main things you'd lose are bindnow and |
22 |
fstack-protector-all vs fstack-protector-strong i think. But in the |
23 |
future as new hardening stuff is added to the toolchains they will |
24 |
likely be enabled in hardened before default too. |
25 |
|
26 |
-- Jason |
27 |
> |
28 |
> -- |
29 |
> Toralf |
30 |
> PGP 23217DA7 9B888F45 |
31 |
> |
32 |
> |