| 1 |
klondike wrote: |
| 2 |
> 2009/6/25 Ed W <lists@××××××××××.com>: |
| 3 |
> |
| 4 |
>> Hi, I can find various posts on blogs referring to hardened working in at |
| 5 |
>> least a limited capacity with GCC4 right now? There is even a (fairly old) |
| 6 |
>> note in the gentoo documentation about upgrading to GCC4.1. However, I |
| 7 |
>> don't see any recent status updates on the list here, or any other official |
| 8 |
>> kind of notices? |
| 9 |
>> |
| 10 |
>> Can someone please perhaps post a summary of where we are with regards to |
| 11 |
>> GCC4? I think a lot of folks want hardened as a "nice to have", so even a |
| 12 |
>> partial implementation would be nice to have, although also it's important |
| 13 |
>> to understand exactly what you are getting |
| 14 |
>> |
| 15 |
>> Anyone able to provide such a summary please? |
| 16 |
>> |
| 17 |
>> FWIW: I'm largely interested in GCC4+hardened+uclibc, which may be better |
| 18 |
>> supported? |
| 19 |
>> |
| 20 |
> I wrote on my blog on that some time ago: |
| 21 |
> http://klondike.xiscosoft.es/klog/2009/03/07/gentoo-hardened-and-gcc-4x-i-installation/ |
| 22 |
> |
| 23 |
> As for now I keep using gcc4-x for desktop and server use without |
| 24 |
> major problems except a few packages who don't detected well the gcc |
| 25 |
> version (and which seem to have been fixed). |
| 26 |
> |
| 27 |
> |
| 28 |
|
| 29 |
Actually this was one of the posts I found already! |
| 30 |
|
| 31 |
However, to be clear I think this achieves a PIE install with no SSP? |
| 32 |
Can anyone confirm this is correct? |
| 33 |
|
| 34 |
Seems like SSP is desirable, but not really sure why it's not so |
| 35 |
straightforward to turn on? |
| 36 |
|
| 37 |
Ed W |
Archives