1 |
Why did you add ssp in CFLAGS?, why not using specs directly?. I only |
2 |
added -D_FORTIFY_SOURCE=2 in CFLAGS. glibc doesn't compile with |
3 |
-fstack-protector-all in the CFLAGS, so you should switch to the |
4 |
-fstack-protector to compile which is less secure than using specs |
5 |
which compile with -fstack-protector-all which could be done. |
6 |
|
7 |
2009/5/20 basile <basile@××××××××××××××.edu>: |
8 |
> |
9 |
> Hello everyone, |
10 |
> |
11 |
> I'd like to announce that a new release of Tin Hat is out. Tin Hat is a |
12 |
> fully featured Linux desktop based on Hardened Gentoo which runs purely |
13 |
> in RAM. It aims to be very secure, stable, and fast. |
14 |
> |
15 |
> This release concentrates primarily on updating the hardened tool chain, |
16 |
> and no changes were made to the kernel since the last release. The |
17 |
> system was completely recompiled using hardened Gentoo's stock gcc-4.3.3 |
18 |
> plus stack-protection added via the CFLAGS and CXXFLAGS in make.conf. |
19 |
> Extensive testing of the most used services and apps gave no issues with |
20 |
> the exception of Evolution which required lazy linking. |
21 |
> |
22 |
> As with every release, we sync-ed upstream with Gentoo. Major package |
23 |
> updates include coreutils, util-linux, and xorg-server and its |
24 |
> drivers/libs. Firefox was also update to the more secure 3.0.10. |
25 |
> |
26 |
> Home page: http://opensource.dyc.edu/tinhat |
27 |
> Downloads: http://opensource.dyc.edu/tinhat-downloads |
28 |
> |
29 |
> -- |
30 |
> |
31 |
> Anthony G. Basile, Ph.D. |
32 |
> Chair of Information Technology |
33 |
> D'Youville College |
34 |
> Buffalo, NY 14201 |
35 |
> USA |
36 |
> |
37 |
> (716) 829-8197 |
38 |
> |
39 |
> |
40 |
> |
41 |
> |