| 1 |
Derrick Hendricks wrote: |
| 2 |
> I'm running a firewall for our work network using hardened gentoo. |
| 3 |
you dont use the hardened profile as far as i can see. |
| 4 |
|
| 5 |
> Emerges have been working fine until now. I'm getting errors in the |
| 6 |
> builds saying that my gcc is out of date. I've upgraded other machines |
| 7 |
> that had this problem, and had no real problems in the upgrade. |
| 8 |
> |
| 9 |
> However, in looking at a gcc-config -l, I noticed that I'm using the |
| 10 |
> 3.3.6 compiler, and not the hardened version. I have choices of other |
| 11 |
yeah i see |
| 12 |
|
| 13 |
> compilers that I could upgrade to. Some of them being the hardened |
| 14 |
> varieties. So, I'm wondering which kernel I should upgrade to. |
| 15 |
> |
| 16 |
> I seem to remember reading from before that you should not use a |
| 17 |
> hardened compiler unless you are a developer. I don't remember where, |
| 18 |
that's not true. |
| 19 |
|
| 20 |
> but I think that's why I'm not using the hardened version of the current |
| 21 |
> compiler. |
| 22 |
|
| 23 |
well, the hardened PIE SSP compiler emits more secure object code to |
| 24 |
binaries. PIE makes the stuff mostly readonly, while SSP takes care of |
| 25 |
preventing (or detecting rather) stack overflow attacks. |
| 26 |
|
| 27 |
> |
| 28 |
> Here are my kernel choices: |
| 29 |
> [1] i686-pc-linux-gnu-3.3.6 * |
| 30 |
> [2] i686-pc-linux-gnu-3.3.6-hardened |
| 31 |
> [3] i686-pc-linux-gnu-3.3.6-hardenednopie |
| 32 |
> [4] i686-pc-linux-gnu-3.3.6-hardenednopiessp |
| 33 |
> [5] i686-pc-linux-gnu-3.3.6-hardenednossp |
| 34 |
> [6] i686-pc-linux-gnu-3.4.6 |
| 35 |
> [7] i686-pc-linux-gnu-3.4.6-hardened |
| 36 |
this one |
| 37 |
|
| 38 |
> [8] i686-pc-linux-gnu-3.4.6-hardenednopie |
| 39 |
> [9] i686-pc-linux-gnu-3.4.6-hardenednopiessp |
| 40 |
> [10] i686-pc-linux-gnu-3.4.6-hardenednossp |
| 41 |
> [11] i686-pc-linux-gnu-4.1.1 |
| 42 |
> |
| 43 |
> |
| 44 |
> Which one should I upgrade to? |
| 45 |
|
| 46 |
see above |
| 47 |
|
| 48 |
|
| 49 |
Alex |
| 50 |
-- |
| 51 |
gentoo-hardened@g.o mailing list |
Archives