| 1 |
Stefan SF wrote: |
| 2 |
|
| 3 |
> Hi, |
| 4 |
> |
| 5 |
> |
| 6 |
>>DO NOT add -fstack-protector, -fPIC, etc to CFLAGS. These are provided |
| 7 |
>>by the gcc specfiles. DO NOT add USE=nptl or use 2.6 headers. Otherwise, |
| 8 |
>>go freakin nuts and test the hell out of these things. |
| 9 |
> |
| 10 |
> |
| 11 |
> I've still installed the "normal" gentoo system. But now I want to upgrade to hardened gentoo. The only thing I have to do putting "hardened" to the USE-flag. Is this right? You have wrote that the specfiles already include the -fstack-protector. Do I have to install the specfiles seperately or are they already installed by the normal installation of gcc etc? |
| 12 |
> |
| 13 |
> cu, Stefan |
| 14 |
converting a system to the hardened stuff: |
| 15 |
|
| 16 |
put USE="hardened" in your make.conf and issue the following commands: |
| 17 |
|
| 18 |
# emerge binutils glibc gcc |
| 19 |
This pulls the toolchain up to hardened standards (remember: no NPTL and |
| 20 |
no 2.6.6 headers so far please) |
| 21 |
|
| 22 |
# emerge -euv world |
| 23 |
This makes your packages automatically hardened when recompiled with the |
| 24 |
new toolchain |
| 25 |
|
| 26 |
Thanks for using this stuff, |
| 27 |
|
| 28 |
Alex |
| 29 |
-- |
| 30 |
Chaos is just a perceptional disorder of reality. |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives