1 |
On Tue, 2004-11-30 at 13:12 +0000, David Cannings wrote: |
2 |
> The page at http://www.gentoo.org/proj/en/hardened/propolice.xml |
3 |
> suggests the following regarding SSP: |
4 |
> |
5 |
> "If you would the protection on by default add -fstack-protector to your |
6 |
> CFLAGS in /etc/make.conf." |
7 |
> |
8 |
> However, this is contradicted by other pages on the hardened project |
9 |
> website which say USE="hardened" is the correct way. Obviously |
10 |
> USE="hardened" is correct (as it implies -fstack-protector-all), but the |
11 |
> above could confuse people. |
12 |
> |
13 |
> I arrived at that page from the grsecurity/PaX documentation at |
14 |
> http://www.gentoo.org/proj/en/hardened/grsecurity2.xml, I can't see it |
15 |
> linked elsewhere but I haven't looked exhaustively. |
16 |
> |
17 |
> The rest of the documentation is great, it seems the Gentoo documents |
18 |
> cover more than the grsecurity ones in some aspects. I've now got a |
19 |
> kernel with PaX/grsecurity and I'm just rebuilding world to get SSP. |
20 |
|
21 |
Unfortunately that propolice document is outdated in several aspects and |
22 |
shouldn't be linked by any current documents so thanks for pointing this |
23 |
out. I am in the process of writing a more complete and up-to-date SSP |
24 |
guide that will replace that guide in the future. |
25 |
|
26 |
For now the most up-to-date explanation regarding turning on SSP |
27 |
building is probably in the Hardened FAQ: |
28 |
|
29 |
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedcflags |
30 |
|
31 |
-- |
32 |
Adam Mondl <tocharian@××××××.org> |