On Tue, 05 Sep 2006 15:24:24 +0100
Ed W <lists@××××××××××.com> wrote:

> Hi, this is a repeat of my question from the previous thread, but I
> guess it makes sense to start a new thread.
>
> What are the implications of taking a 2006.1 stage3 (ie gcc 4.1.1)
> turning on the hardened flags and running "emerge -e world"? Is gcc
> 4.1.1 supported to any extent at all with the hardened USE flag?

If you want to set USE=hardened, you should switch the profile (I've
probably said this before!) to one of the hardened profiles rather
than just editing /etc/make.conf. In the hardened profiles (but not
the selinux profiles) you'll find that gcc-4.x is masked, along with
gcc-2.4.

We currently do not supply the modifications necessary to make
gcc-4.1.1 "hardened" - they're still (slooowly) under development.

> Reading a little around the subject suggests that we should stick
> with 3.4.x for the time being, but I am putting in a new server and
> it seems prudent to get any major work done up front before we go
> live. Some people here seem to be implying that gcc 4.1.1 is working
> ok for them??

Unmasking gcc-4.1.1 will work in as much as it'll build stuff that runs
fine, but it'll compile everything vanilla unless you modify the specs
file yourself. This means that you won't get PIE executables (so PaX
ASLR won't do anything), you won't be building with the stack protector,
stuff won't be RELRO/BIND_NOW.

See the docs on the project website for more information
http://www.gentoo.org/proj/en/hardened/

--
Kevin F. Quinn
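
An added example, not part of the original message and not Gentoo Hardened tooling: a small ELF inspector that checks whether a built binary actually has the properties named above (PIE, stack protector, RELRO, BIND_NOW). The function name `check_hardening` and the marker list are this example's own, and the stack-protector test is a symbol-name heuristic.

```python
import struct
import sys

ET_DYN = 3                                   # e_type of PIE executables (and shared objects)
PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
# Symbols referenced by protected code: gcc >= 4.1 SSP, and the older ProPolice patch.
SSP_MARKERS = (b"__stack_chk_fail", b"__stack_smash_handler")

def check_hardening(data):
    """Report PIE, RELRO, BIND_NOW and stack-protector status of an ELF image."""
    if data[:4] != b"\x7fELF" or data[5] != 1:
        raise ValueError("not a little-endian ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    word = "Q" if is64 else "I"
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<" + word, data, 32 if is64 else 28)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54 if is64 else 42)
    relro = bind_now = False
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type = struct.unpack_from("<I", data, ph)[0]
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            p_offset = struct.unpack_from("<" + word, data, ph + (8 if is64 else 4))[0]
            p_filesz = struct.unpack_from("<" + word, data, ph + (32 if is64 else 16))[0]
            for off in range(p_offset, p_offset + p_filesz, 16 if is64 else 8):
                tag, val = struct.unpack_from("<" + word * 2, data, off)
                if tag == 0:                 # DT_NULL ends the dynamic array
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    return {
        "pie": e_type == ET_DYN,
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        "bind_now": bind_now,
        # Heuristic: the symbol name survives in .dynstr of dynamically linked files.
        "stack_protector": any(m in data for m in SSP_MARKERS),
    }

if __name__ == "__main__":
    # With no arguments, inspect the running Python interpreter as a sample input.
    for path in sys.argv[1:] or [sys.executable]:
        with open(path, "rb") as f:
            print(path, check_hardening(f.read()))
```

A result of `pie: False`, `relro: "none"` on freshly emerged binaries is what the vanilla-specs case described above looks like; shared libraries always report `pie: True` because they are ET_DYN too.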