| 1 |
On Mon, 26 Mar 2007 11:56:21 -0700 (PDT) Vieri <rentorbuy@×××××.com> |
| 2 |
wrote: |
| 3 |
|
| 4 |
> I see, but the thing is that my system has |
| 5 |
> sys-libs/glibc-2.3.6-r5. I used 2006.1, made the |
| 6 |
> symlink to hardened profile and rsync'ed immediately |
| 7 |
> and emerged system and world. According to forum post: |
| 8 |
> http://forums.gentoo.org/viewtopic-t-539616-highlight-gcc+hardened.html |
| 9 |
> the "trouble" you're referring to should happen if one |
| 10 |
> has glibc-2.4.x. or later, am I right? |
| 11 |
|
| 12 |
Yes. |
| 13 |
|
| 14 |
> I don't want to bother this list too much with my |
| 15 |
> novice questions. Could you please just let me know if |
| 16 |
> I can have a hardened system with |
| 17 |
> sys-libs/glibc-2.3.6-r5 and gcc-4.1.1 and/or |
| 18 |
> gcc-3.4.6? |
| 19 |
|
| 20 |
You need to use gcc-3.4.x for a fully hardened system, as it is the |
| 21 |
only version to currently support PIE and SSP, as you can see from the |
| 22 |
gcc-config output below: |
| 23 |
|
| 24 |
$ gcc-config -l |
| 25 |
[1] x86_64-pc-linux-gnu-3.4.6 |
| 26 |
[2] x86_64-pc-linux-gnu-3.4.6-hardened |
| 27 |
[3] x86_64-pc-linux-gnu-3.4.6-hardenednopie |
| 28 |
[4] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp |
| 29 |
[5] x86_64-pc-linux-gnu-3.4.6-hardenednossp |
| 30 |
[6] x86_64-pc-linux-gnu-4.1.1 * |
| 31 |
|
| 32 |
Full hardened support for glibc-2.5 and gcc-4 should make an appearance |
| 33 |
with the release of 2007.0. |
| 34 |
|
| 35 |
--atj |
| 36 |
-- |
| 37 |
gentoo-hardened@g.o mailing list |
Archives