| 1 |
Gordon Malm wrote: |
| 2 |
> Hello Hardened users, this is just a quick heads up. GCC 4.3.4 will be going |
| 3 |
> stable on hardened profiles shortly. Unlike Hardened GCC 3.4.6, this version |
| 4 |
> lacks default SSP building. However, FORTIFY_SOURCE=2 |
| 5 |
> and -fno-strict-overflow are now enabled by default. Other Hardened compiler |
| 6 |
> features (ex. default relro, bind now & pic/pie building) remain enabled - no |
| 7 |
> change from 3.4.6. |
| 8 |
> |
| 9 |
> It is regretable this must be done before GCC4 is SSP-by-default enabled. |
| 10 |
> However, more and more packages require the newer GCC. The stable GCC on |
| 11 |
> Hardened has been GCC 3.4.6 for a long time, but this has become an untenable |
| 12 |
> situation. GCC4 SSP-by-default works and will be added in a later revision - |
| 13 |
> some GCC4+SSP bugs in grub and glibc also remain to be fixed. |
| 14 |
> |
| 15 |
> |
| 16 |
|
| 17 |
Anyone got any empirical reports on upgrading a uclibc hardened system? |
| 18 |
Lack of TLS in uclibc appears to be a potential issue? |
| 19 |
|
| 20 |
Natanael Copa has previously reported very widespread success using gcc |
| 21 |
4.4.1 + uclibc with apparently fairly minimal additional patches? |
| 22 |
I guess gcc 4.4 isn't yet stable on any profiles, but does gcc4.4 buy |
| 23 |
us anything generally in terms of getting hardened+ssp stable? |
| 24 |
|
| 25 |
Cheers |
| 26 |
|
| 27 |
Ed W |
Archives