Archives
Archives
| From: | Ned Ludd <solar@g.o> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Cc: | toolchain@g.o | ||
| Subject: | Re: [gentoo-hardened] Hardened gcc-4 | ||
| Date: | Fri, 15 Feb 2008 03:33:44 | ||
| Message-Id: | 1203046421.5784.11.camel@localhost | ||
| In Reply to: | Re: [gentoo-hardened] Hardened gcc-4 by Ned Ludd |
||
| 1 | On Thu, 2008-01-17 at 11:57 -0800, Ned Ludd wrote: |
| 2 | > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote: |
| 3 | > > I'd like to give it a try. I'd like to help by testing it. |
| 4 | > > I've found this: |
| 5 | > > http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml |
| 6 | > > It seems to be a bit outdated, since binutils and glibc versions are all |
| 7 | > > right now by default. Should I just unhardmask gcc-4* and go ahead? |
| 8 | > > What about this one: https://bugs.gentoo.org/show_bug.cgi?id=106690? |
| 9 | > > |
| 10 | > > Provide me some hints, please! |
| 11 | > > (Solar? Kevin?) |
| 12 | > |
| 13 | > Of course there is the KQ overlay. For those who simply want basic |
| 14 | > hardening that have no desire to wait for it to hit the tree. I'd |
| 15 | > suggest just unmasking gcc-4, build it and then injecting some gcc |
| 16 | > specs to handle it auto building hardened alike bins. |
| 17 | > |
| 18 | > One of my setups looks like this. |
| 19 | > |
| 20 | > solar@hangover /etc/env.d/gcc $ gcc-config -l |
| 21 | > [1] x86_64-pc-linux-gnu-3.4.6 |
| 22 | > [2] x86_64-pc-linux-gnu-3.4.6-hardenednopie |
| 23 | > [3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp |
| 24 | > [4] x86_64-pc-linux-gnu-3.4.6-hardenednossp |
| 25 | > [5] x86_64-pc-linux-gnu-3.4.6-vanilla |
| 26 | > [6] x86_64-pc-linux-gnu-4.1.2 |
| 27 | > [7] x86_64-pc-linux-gnu-4.1.2-hardened * |
| 28 | > |
| 29 | > solar@hangover /etc/env.d/gcc $ cat x86_64-pc-linux-gnu-4.1.2-hardened |
| 30 | > PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2" |
| 31 | > ROOTPATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2" |
| 32 | > GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2" |
| 33 | > LDPATH="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2:/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/32" |
| 34 | > MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/man" |
| 35 | > INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/info" |
| 36 | > STDCXX_INCDIR="g++-v4" |
| 37 | > GCC_SPECS="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs" |
| 38 | > |
| 39 | > |
| 40 | > # |
| 41 | > The line that matters here is the one that defines GCC_SPECS= |
| 42 | > |
| 43 | > http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86_64-hardenednossp.specs |
| 44 | > Or |
| 45 | > http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86-hardenednossp.specs |
| 46 | > |
| 47 | > |
| 48 | > solar@hangover /etc/env.d/gcc $ wget -O - -q |
| 49 | > http://dev.gentoo.org/~solar/x86_64-pc-linux-gnu-4.1.2-hardened.tar.bz2 |
| 50 | > | tar jtf - |
| 51 | > etc/env.d/gcc/x86_64-pc-linux-gnu-4.1.2-hardened |
| 52 | > usr/lib64/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs |
| 53 | > |
| 54 | |
| 55 | Just noticed I did not have 4.1.2 specs for x86 anywhere online.. So |
| 56 | here are some with pie/now/relro/ssp... |
| 57 | |
| 58 | http://tinderbox.dev.gentoo.org/portage/local/misc/i686-pc-linux-gnu-4.1.2-hardened.tar.bz2 |
| 59 | |
| 60 | |
| 61 | -- |
| 62 | gentoo-hardened@l.g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] Hardened gcc-4 | atoth@××××××××××.hu |