| 1 |
Hi Solar! |
| 2 |
|
| 3 |
Thank you for sharing all these valuable informations with us. |
| 4 |
|
| 5 |
-- |
| 6 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
| 7 |
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
| 8 |
|
| 9 |
On Pén, Január 18, 2008 08:16, Ned Ludd wrote: |
| 10 |
> |
| 11 |
> On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote: |
| 12 |
>> On Csü, Január 17, 2008 20:57, Ned Ludd wrote: |
| 13 |
>> > |
| 14 |
>> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote: |
| 15 |
> |
| 16 |
> [snip] |
| 17 |
> |
| 18 |
>> > Note: That both of the methods I have shown do not enable SSP in |
| 19 |
>> gcc-4. |
| 20 |
>> > |
| 21 |
>> |
| 22 |
>> Thanks for the suggestions. |
| 23 |
>> BTW: why don't you enable SSP? If |
| 24 |
> |
| 25 |
> |
| 26 |
>> I would spend my time on separate specs, I would surely go for SSP as |
| 27 |
>> well. |
| 28 |
> |
| 29 |
> You are more than welcome to edit the specs for yourself and add the |
| 30 |
> ssp rules as well. I'm not a big fan of moving forward with ssp myself |
| 31 |
> and pie/relro/now is cheap/easy suits most of my needs so why not take |
| 32 |
> advantage of it.. |
| 33 |
> |
| 34 |
> If you want add ssp to those specs you can probably more or less base |
| 35 |
> them easy enough off the gcc-3.x specs. |
| 36 |
> |
| 37 |
> Should/Would look something nearly exactly like this |
| 38 |
[snip] |
| 39 |
> |
| 40 |
>> Are there any known problems? |
| 41 |
> |
| 42 |
> yes, but please don't ask me to document them for you. |
| 43 |
> |
| 44 |
|
| 45 |
I would never ever ask you for that... |
| 46 |
|
| 47 |
I would rather avoid tampering with eclass functions (using KQ overlay). |
| 48 |
As I can make it out: ssp is built into gcc version 4.1+ taken from the |
| 49 |
regular portage tree. KQ's version discards two patches, but applies a pie |
| 50 |
patch. KQ's glibc installs a handler and takes care of unsupported and |
| 51 |
supported archs. |
| 52 |
|
| 53 |
I'll follow your advice and create some specs for the system. I wonder if |
| 54 |
the spec files from KQ's overlay could be used along with current portage |
| 55 |
toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried |
| 56 |
about the pie patch missing... |
| 57 |
|
| 58 |
What is the reason you are not keen on ssp as a security-focused developer? |
| 59 |
|
| 60 |
Again: thx for your efforts. |
| 61 |
|
| 62 |
Regards, |
| 63 |
Dw. |
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-hardened@l.g.o mailing list |
Archives