| 1 |
On Tue, 05 Sep 2006 15:24:24 +0100 |
| 2 |
Ed W <lists@××××××××××.com> wrote: |
| 3 |
|
| 4 |
> Hi, this is a repeat of my question from the previous thread, but I |
| 5 |
> guess it makes sense to start a new thread. |
| 6 |
> |
| 7 |
> What are the implications of taking a 2006.1 stage3 (ie gcc 4.1.1) |
| 8 |
> turning on the hardened flags and running "emerge -e world"? Is gcc |
| 9 |
> 4.1.1 supported to any extent at all with the hardened USE flag? |
| 10 |
|
| 11 |
If you want to set USE=hardened, you should switch the profile (I've |
| 12 |
probably said this before!) to one of the hardened profiles rather |
| 13 |
than just editing /etc/make.conf. In the hardened profiles (but not |
| 14 |
the selinux profiles) you'll find that gcc-4.x is masked, along with |
| 15 |
gcc-2.4. |
| 16 |
|
| 17 |
We currently do not supply the modifications necessary to make |
| 18 |
gcc-4.1.1 "hardened" - they're still (slooowly) under development. |
| 19 |
|
| 20 |
> Reading a little around the subject suggests that we should stick |
| 21 |
> with 3.4.x for the time being, but I am putting in a new server and |
| 22 |
> it seems prudent to get any major work done up front before we go |
| 23 |
> live. Some people here seem to be implying that gcc 4.1.1 is working |
| 24 |
> ok for them?? |
| 25 |
|
| 26 |
Unmasking gcc-4.1.1 will work in as much as it'll build stuff that runs |
| 27 |
fine, but it'll compile everything vanilla unless you modify the specs |
| 28 |
file yourself. This means that you won't get PIE executables (so PaX |
| 29 |
ASLR won't do anything), you won't be building with the stack protector, |
| 30 |
stuff won't be RELRO/BIND_NOW. |
| 31 |
|
| 32 |
See the docs on the project website for more information |
| 33 |
http://www.gentoo.org/proj/en/hardened/ |
| 34 |
|
| 35 |
-- |
| 36 |
Kevin F. Quinn |
Archives