| 1 |
...ok, once again not really, but i cant use that trick to get people's |
| 2 |
attention after today so i figured i might as well use it twice. :) |
| 3 |
|
| 4 |
recent gcc ebuilds have been patched to recognise an environment |
| 5 |
variable, GCC_SPECS, that sets which specs-file should be used. the gcc |
| 6 |
3.4.2-r2 ebuild also builds both hardened and non-hardened specs files |
| 7 |
for all users (though it doesnt make hardened the default specs file for |
| 8 |
non-hardened users). |
| 9 |
|
| 10 |
so, what does this mean? it means that everyone can now assist in fixing |
| 11 |
hardened toolchain related bugs in the packages they maintain without |
| 12 |
having to recompile gcc to get a hardened toolchain up. good stuff, eh? :) |
| 13 |
|
| 14 |
|
| 15 |
ayanami root # gcc main.c -o main ; file main |
| 16 |
main: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for |
| 17 |
GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped |
| 18 |
|
| 19 |
ayanami root # export |
| 20 |
GCC_SPECS=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.2/hardened.specs |
| 21 |
|
| 22 |
ayanami root # gcc main.c -o main ; file main |
| 23 |
main: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not |
| 24 |
stripped |
| 25 |
|
| 26 |
|
| 27 |
so now, for anyone interested, helping with hardened now requires the |
| 28 |
absolute minimum effort possible and shouldnt be a pain for devs who |
| 29 |
dont want to have a full hardened install. go team! *high-fives Rob |
| 30 |
Holland for writing the patch* |
| 31 |
|
| 32 |
patched ebuilds: |
| 33 |
gcc-3.3.4-r2 |
| 34 |
gcc-3.4.1-r3 |
| 35 |
gcc-3.4.2-r2 |
| 36 |
|
| 37 |
|
| 38 |
Travis Tilley |
| 39 |
Gentoo/AMD64 |
| 40 |
|
| 41 |
-- |
| 42 |
gentoo-dev@g.o mailing list |
Archives