Derrick Hendricks wrote:
> I'm running a firewall for our work network using hardened gentoo.
You don't use the hardened profile as far as I can see.
|
> Emerges have been working fine until now. I'm getting errors in the
> builds saying that my gcc is out of date. I've upgraded other machines
> that had this problem, and had no real problems in the upgrade.
>
> However, in looking at a gcc-config -l, I noticed that I'm using the
> 3.3.6 compiler, and not the hardened version. I have choices of other
Yeah, I see.
|
> compilers that I could upgrade to. Some of them being the hardened
> varieties. So, I'm wondering which kernel I should upgrade to.
>
> I seem to remember reading from before that you should not use a
> hardened compiler unless you are a developer. I don't remember where,
That's not true.

> but I think that's why I'm not using the hardened version of the current
> compiler.
|
Well, the hardened PIE SSP compiler emits more secure object code to
binaries. PIE makes the stuff mostly read-only, while SSP takes care of
preventing (or detecting rather) stack overflow attacks.
|
>
> Here are my kernel choices:
> [1] i686-pc-linux-gnu-3.3.6 *
> [2] i686-pc-linux-gnu-3.3.6-hardened
> [3] i686-pc-linux-gnu-3.3.6-hardenednopie
> [4] i686-pc-linux-gnu-3.3.6-hardenednopiessp
> [5] i686-pc-linux-gnu-3.3.6-hardenednossp
> [6] i686-pc-linux-gnu-3.4.6
> [7] i686-pc-linux-gnu-3.4.6-hardened
this one
|
> [8] i686-pc-linux-gnu-3.4.6-hardenednopie
> [9] i686-pc-linux-gnu-3.4.6-hardenednopiessp
> [10] i686-pc-linux-gnu-3.4.6-hardenednossp
> [11] i686-pc-linux-gnu-4.1.1
>
>
> Which one should I upgrade to?

See above.


Alex
--
gentoo-hardened@g.o mailing list
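
One way to check what the compiler profile chosen in this thread actually produced, as an added example that is not part of the original message or of any Gentoo tooling: the Python sketch below reads an ELF header for the PIE indicator (e_type of ET_DYN) and looks for the SSP runtime symbols. The function name elf_hardening, the constructed sample byte strings and the byte-search heuristic for symbol names are assumptions made for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
# SSP runtime symbols: the current GCC/glibc name, then the name used by the
# ProPolice patch for GCC 3.x (assumed relevant to the 3.x compilers listed).
SSP_SYMBOLS = (b"__stack_chk_fail", b"__stack_smash_handler")


def elf_hardening(data: bytes) -> dict:
    """Report PIE and SSP indicators for an ELF image held in memory."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[EI_DATA]: 1 = little-endian, 2 = big-endian
    if data[5] not in (1, 2):
        raise ValueError("bad EI_DATA byte")
    endian = "<" if data[5] == 1 else ">"
    # e_type is the 16-bit field directly after the 16-byte e_ident
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        # ET_DYN also covers shared libraries, so apply this to programs only
        "pie": e_type == ET_DYN,
        # Heuristic: a dynamically linked SSP binary keeps the handler's name
        # in its dynamic string table; a static stripped binary may not.
        "ssp": any(sym in data for sym in SSP_SYMBOLS),
    }


def _sample(e_type: int, strtab: bytes) -> bytes:
    """Constructed sample: start of a 32-bit LSB ELF header plus a fake string table."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, LSB, version 1
    # e_type, then e_machine 3 (EM_386), then zero padding for the rest
    return ident + struct.pack("<HH", e_type, 3) + bytes(32) + strtab


PLAIN = _sample(ET_EXEC, b"\0main\0printf\0")              # constructed
HARDENED = _sample(ET_DYN, b"\0main\0__stack_chk_fail\0")  # constructed

if __name__ == "__main__":
    # Usage: python script.py /path/to/binary [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, elf_hardening(fh.read()))
```

Running it over a few binaries rebuilt after switching the gcc-config profile shows whether the rebuild picked up the hardened settings.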