| 1 |
On Fri, 2008-01-18 at 21:03 +0100, atoth@××××××××××.hu wrote: |
| 2 |
> Hi Solar! |
| 3 |
> |
| 4 |
> Thank you for sharing all these valuable informations with us. |
| 5 |
> |
| 6 |
> -- |
| 7 |
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
| 8 |
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
| 9 |
> |
| 10 |
> On Pén, Január 18, 2008 08:16, Ned Ludd wrote: |
| 11 |
> > |
| 12 |
> > On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote: |
| 13 |
> >> On Csü, Január 17, 2008 20:57, Ned Ludd wrote: |
| 14 |
> >> > |
| 15 |
> >> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote: |
| 16 |
> > |
| 17 |
> > [snip] |
| 18 |
> > |
| 19 |
> >> > Note: That both of the methods I have shown do not enable SSP in |
| 20 |
> >> gcc-4. |
| 21 |
> >> > |
| 22 |
> >> |
| 23 |
> >> Thanks for the suggestions. |
| 24 |
> >> BTW: why don't you enable SSP? If |
| 25 |
> > |
| 26 |
> > |
| 27 |
> >> I would spend my time on separate specs, I would surely go for SSP as |
| 28 |
> >> well. |
| 29 |
> > |
| 30 |
> > You are more than welcome to edit the specs for yourself and add the |
| 31 |
> > ssp rules as well. I'm not a big fan of moving forward with ssp myself |
| 32 |
> > and pie/relro/now is cheap/easy suits most of my needs so why not take |
| 33 |
> > advantage of it.. |
| 34 |
> > |
| 35 |
> > If you want add ssp to those specs you can probably more or less base |
| 36 |
> > them easy enough off the gcc-3.x specs. |
| 37 |
> > |
| 38 |
> > Should/Would look something nearly exactly like this |
| 39 |
> [snip] |
| 40 |
> > |
| 41 |
> >> Are there any known problems? |
| 42 |
> > |
| 43 |
> > yes, but please don't ask me to document them for you. |
| 44 |
> > |
| 45 |
> |
| 46 |
> I would never ever ask you for that... |
| 47 |
> |
| 48 |
> I would rather avoid tampering with eclass functions (using KQ overlay). |
| 49 |
> As I can make it out: ssp is built into gcc version 4.1+ taken from the |
| 50 |
> regular portage tree. KQ's version discards two patches, but applies a pie |
| 51 |
> patch. KQ's glibc installs a handler and takes care of unsupported and |
| 52 |
> supported archs. |
| 53 |
> |
| 54 |
> I'll follow your advice and create some specs for the system. I wonder if |
| 55 |
> the spec files from KQ's overlay could be used along with current portage |
| 56 |
> toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried |
| 57 |
> about the pie patch missing... |
| 58 |
> |
| 59 |
> What is the reason you are not keen on ssp as a security-focused developer? |
| 60 |
|
| 61 |
|
| 62 |
Sorry I should of clarified. What I'm keen on, is not talking about |
| 63 |
gcc-4.x at all. Really I posted the info here not just for you but for |
| 64 |
others who might be looking/searching to do the same thing. More or less |
| 65 |
so I would hopefully not have to be bugged about gcc-4.x again for |
| 66 |
another 6months. I really don't like talking about it as it personally |
| 67 |
frustrates me. You would have to search our archives here to see when I |
| 68 |
let go of maintainer-ship of the hardened-toolchain for more details. |
| 69 |
|
| 70 |
Good luck... |
| 71 |
|
| 72 |
|
| 73 |
-- |
| 74 |
Ned Ludd <solar@g.o> |
| 75 |
Gentoo Linux |
| 76 |
|
| 77 |
-- |
| 78 |
gentoo-hardened@l.g.o mailing list |
Archives