Gordon Malm wrote:
> Hello Hardened users, this is just a quick heads up. GCC 4.3.4 will be going
> stable on hardened profiles shortly. Unlike Hardened GCC 3.4.6, this version
> lacks default SSP building. However, FORTIFY_SOURCE=2
> and -fno-strict-overflow are now enabled by default. Other Hardened compiler
> features (ex. default relro, bind now & pic/pie building) remain enabled - no
> change from 3.4.6.
>
> It is regrettable this must be done before GCC4 is SSP-by-default enabled.
> However, more and more packages require the newer GCC. The stable GCC on
> Hardened has been GCC 3.4.6 for a long time, but this has become an untenable
> situation. GCC4 SSP-by-default works and will be added in a later revision -
> some GCC4+SSP bugs in grub and glibc also remain to be fixed.
>

Anyone got any empirical reports on upgrading a uclibc hardened system?
Lack of TLS in uclibc appears to be a potential issue?

Natanael Copa has previously reported very widespread success using gcc
4.4.1 + uclibc with apparently fairly minimal additional patches?
I guess gcc 4.4 isn't yet stable on any profiles, but does gcc4.4 buy
us anything generally in terms of getting hardened+ssp stable?

Cheers

Ed W