Gentoo Archives: gentoo-hardened

From: Alexander Gabert <pappy@g.o>
To: "Peter S. Mazinger" <ps.m@×××.net>
Cc: gentoo-hardened@g.o
Subject: [gentoo-hardened] Re: hardened-gcc-3.3.2.1
Date: Mon, 15 Dec 2003 14:44:33
Message-Id: 1071507446.28215.3.camel@camille.external
In Reply to: [gentoo-hardened] Re: hardened-gcc-3.3.2.1 by "Peter S. Mazinger"
after all, change this also:
HGCC_33_DEFAULT_SPECS_CC1_SECTION_PIC_ACTIVATION="%{!yet_exec: %{!nopie:
-fPIC %{!static: -fpie}}}"


thanks in advance,

Alex

On Mon, 2003-12-15 at 15:06, Peter S. Mazinger wrote:
> On Mon, 15 Dec 2003, Peter S. Mazinger wrote:
>
> New problem: I have rebuilt rpm-4.0.4 and got text relocation in
> librpmbuild shared library (hardened-gcc-3.3.2.0 worked)
> I think we have to enforce -fPIC for all (also for static, because if
> later a binary is built against static and dynamic libraries, it will have
> problems (like bash's included readline, this is static)
> The problem happens with libraries due to the change in cc1 section from
> -fPIC to -fPIC -fpie (simple test: build zlib w/o the pic patch)
>
> > Hello!
> >
> > The link section has a !static redundancy (from EXC_FRONT and
> > PIE_ACTIVATION), see attached diff (edited manually based on hcc.conf and
> > the scripts)
> >
> > Why is crt1S.o added in the default config, the conservative one adds
> > Scrt1.o? (crt1S.S is the same as in hardened 2.4.6 non_csu version), it is
> > rather a glibc issue having it or not.
> >
> > Also I am not so sure about the stack-protector[-all] running together, I
> > have the impression, that they work separately, but for all cases I would
> > suggest the possibility to use only fstack-protector if -all is
> > deactivated (there could be some apps that cannot be built with -all) like
> > this, or similar
> > %{!yno_propolice: %{!fno-stack-protector: -fstack-protector}
> > %{!fno-stack-protector-all: -fstack-protector-all}}.
> >
> > I do not really know which one needs fforce-addr (the kernel works with
> > both, using my patch -earlier mail, but does not like fforce-addr).
> > So adapt accordingly.
> >
> > Peter
> >
> >
--
Alexander Gabert <pappy@g.o>
http://www.gentoo.org/proj/en/hardened


--
gentoo-hardened@g.o mailing list
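
The spec strings in this thread are nested `%{!S:X}` conditionals, which GCC expands to X only when the switch `-S` was not given. The following is an added example, not code from hardened-gcc or from either poster: a small Python evaluator for just the `%{S:X}` / `%{!S:X}` subset of spec syntax, showing which options each spec string contributes for a given command line. `cc1_flags` and `_expand` are hypothetical names; the two spec strings are copied from the messages above.

```python
# Added example: evaluates only the %{S:X} / %{!S:X} subset of GCC spec syntax.
# PIC_SPEC and SSP_SPEC are copied from the thread; all other names are hypothetical.

PIC_SPEC = "%{!yet_exec: %{!nopie: -fPIC %{!static: -fpie}}}"
SSP_SPEC = ("%{!yno_propolice: %{!fno-stack-protector: -fstack-protector} "
            "%{!fno-stack-protector-all: -fstack-protector-all}}")


def _expand(spec, switches):
    out, i = [], 0
    while i < len(spec):
        if not spec.startswith("%{", i):
            out.append(spec[i])
            i += 1
            continue
        # Find the brace that closes this %{ ... }, allowing nested conditionals.
        depth, j = 1, i + 2
        while depth:
            if j >= len(spec):
                raise ValueError("unbalanced %{ in spec")
            if spec.startswith("%{", j):
                depth, j = depth + 1, j + 2
            elif spec[j] == "}":
                depth, j = depth - 1, j + 1
            else:
                j += 1
        cond, sep, text = spec[i + 2:j - 1].partition(":")
        if not sep:
            raise ValueError("only %{S:X} and %{!S:X} are handled here")
        negated = cond.startswith("!")
        given = cond.lstrip("!").strip() in switches
        if given != negated:  # %{S:X}: keep X if -S given; %{!S:X}: keep X if not
            out.append(_expand(text, switches))
        i = j
    return "".join(out)


def cc1_flags(spec, argv):
    """Return the options the spec contributes for a given driver command line."""
    switches = {a[1:] for a in argv if a.startswith("-")}
    return _expand(spec, switches).split()


if __name__ == "__main__":
    for argv in ([], ["-static"], ["-nopie"], ["-fno-stack-protector-all"]):
        print(argv, cc1_flags(PIC_SPEC, argv), cc1_flags(SSP_SPEC, argv))
```

Under this evaluation, `-static` drops `-fpie` but keeps `-fPIC`, and `-fno-stack-protector-all` leaves `-fstack-protector` in place.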
