- grsecurity updates -
grsec-sources-2.4.26 has hit the tree, use -r1
gradm2 - removed from the tree.
gradm1 - removed from the tree.
gradm-2.0 - now sits in as gradm
grsecurity-base-policy - fully deprecated.. unmerge it now.

- toolchain updates -
=sys-devel/gcc-3.3.3-r2 - includes piessp multi-arch support.
=sys-devel/binutils-2.15.90.0.3-r1 - adds relro and uclibc support

- 7 second FAQ -
Q) How do I make use of this?
A) Well, currently binutils and gcc are both package.masked pending your
testing. So you have to unmask them.

Q) How do I unmask and begin testing?
A)
mkdir -p /etc/portage/
echo =sys-devel/gcc-3.3.3-r2 >> /etc/portage/package.unmask
echo =sys-devel/binutils-2.15.90.0.3-r1 >> /etc/portage/package.unmask
USE=hardened ACCEPT_KEYWORDS="~x86" emerge -e system

Q) What arches are supported?
A) Out of the box I/we expect x86/amd64/ppc
sparc64 requires extra work inside of glibc - cross your fingers that's
coming soon as well.

Q) What kernel do I need to use?
A) You can use a number of kernels at Gentoo. The key is that your
kernel supports PaX Address Space Layout Randomization.
So.. grsec-sources, hardened-sources, hardened-dev-sources
amd64 users will have to use a 2.6.x kernel.

Q) I found a bug, what should I do?
A) Fix the bug and send me a patch.

- Credits -
Many many thanks to Peter S. Mazinger who has been working with me on
the toolchain in pappy's absence on the pie/ssp solution.

- Notes -
binutils & glibc now add support for uclibc but it's not tested fully so
don't expect it to work out of the box quite yet.

--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
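
Added example, not part of the original message or of Gentoo's own tooling: one way to confirm, after the rebuild described in the FAQ, that a binary came out position-independent and carries the relro segment, by classifying `readelf -h -l -d` output. The function names and the sample readelf output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read `readelf -h -l -d` output on stdin; print pie=<yes|no> relro=<none|partial|full>.
elf_hardening() {
    awk '
        # ELF header type ET_DYN: position-independent (PIE, or a shared library)
        /^ *Type:/ && $2 == "DYN" { pie = 1 }
        # PT_GNU_RELRO program header: emitted when linking with -z relro
        $1 == "GNU_RELRO" { relro = 1 }
        # Immediate binding lets the whole GOT go read-only ("full" RELRO)
        /\(BIND_NOW\)/ || /\(FLAGS\).*BIND_NOW/ || /\(FLAGS_1\).*NOW/ { now = 1 }
        END {
            level = "none"
            if (relro) level = (now ? "full" : "partial")
            printf "pie=%s relro=%s\n", (pie ? "yes" : "no"), level
        }'
}

# Constructed sample: trimmed readelf output for a PIE binary with lazy binding.
sample_pie_partial() {
    cat <<'EOF'
ELF Header:
  Type:                              DYN (Shared object file)
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00000000 0x00000000 0x01000 0x01000 R E 0x1000
  GNU_RELRO      0x000f00 0x00001f00 0x00001f00 0x00100 0x00100 R   0x1
Dynamic section at offset 0xf10 contains 20 entries:
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
EOF
}

# Report on real files, e.g.: sh check.sh /bin/ls /bin/bash
check_files() {
    for f in "$@"; do
        printf '%s: ' "$f"
        readelf -h -l -d "$f" 2>/dev/null | elf_hardening
    done
}

if [ "$#" -gt 0 ]; then check_files "$@"; else sample_pie_partial | elf_hardening; fi
```

A binary reporting `pie=no` after the rebuild was linked as a fixed-address executable, so PaX address space layout randomization cannot relocate its main image.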