| 1 |
On Mon, Apr 16, 2018 at 07:53:07PM +0200, Toralf Förster wrote: |
| 2 |
> On 04/16/2018 11:14 AM, Hanno Böck wrote: |
| 3 |
> > There's also another question related to this: What's the future for |
| 4 |
> > Gentoo hardened? |
| 5 |
> > From what I can tell hardened consists of: |
| 6 |
> > * the things that try to make it compatible with grsec/pax |
| 7 |
> > (more or less obsolete). |
| 8 |
> > * things that are now in default profiles anyway (aslr, stack |
| 9 |
> > protector). |
| 10 |
> > * things that probably should be in default profiles (relro, now linker |
| 11 |
> > flags) |
| 12 |
> > * -fstack-check, which should eventually be replaced with |
| 13 |
> > -fstack-clash-protection (only available in future gcc's) and that |
| 14 |
> > should probably also go into default profiles. |
| 15 |
> > * Furthermore hardened disables some useful features due to their |
| 16 |
> > incompatibility with pax (e.g. sanitizers). |
| 17 |
> |
| 18 |
> Which let me wonder, what I would lose today by a switch from |
| 19 |
> 17.0-hardened + USE-flags to 17.0/desktop/plasma at my KDE desktop? |
| 20 |
|
| 21 |
Right now, the main things you'd lose are bindnow and |
| 22 |
fstack-protector-all vs fstack-protector-strong i think. But in the |
| 23 |
future as new hardening stuff is added to the toolchains they will |
| 24 |
likely be enabled in hardened before default too. |
| 25 |
|
| 26 |
-- Jason |
| 27 |
> |
| 28 |
> -- |
| 29 |
> Toralf |
| 30 |
> PGP 23217DA7 9B888F45 |
| 31 |
> |
| 32 |
> |
Archives