Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Hardened gcc-4
Date: Fri, 18 Jan 2008 07:16:46
Message-Id: 1200640603.5198.37.camel@localhost
In Reply to: Re: [gentoo-hardened] Hardened gcc-4 by atoth@atoth.sote.hu
On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote:
> On Thu, January 17, 2008 20:57, Ned Ludd wrote:
> >
> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote:

[snip]

> > Note: That both of the methods I have shown do not enable SSP in gcc-4.
> >
>
> Thanks for the suggestions.
> BTW: why don't you enable SSP? If I would spend my time on separate
> specs, I would surely go for SSP as well.

You are more than welcome to edit the specs for yourself and add the
ssp rules as well. I'm not a big fan of moving forward with ssp myself
and pie/relro/now is cheap/easy suits most of my needs so why not take
advantage of it..

If you want to add ssp to those specs you can probably more or less base
them easy enough off the gcc-3.x specs.

Should/Would look something nearly exactly like this

*cc1_ssp:
%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector
%{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:
-fstack-protector} } } } } }

Then in the *cc1 section change

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie)

to

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie) %(cc1_ssp)


> Are there any known problems?

Yes, but please don't ask me to document them for you.


--
gentoo-hardened@l.g.o mailing list
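
Added example, not part of the original message and not Gentoo's or GCC's code: a small model of how the nested %{!S:X} conditionals in the cc1_ssp spec above decide when the stack-protector flag is passed to cc1. It assumes exact switch matching and handles only the %{S:X} and %{!S:X} forms; the names expand and matching_brace are made up for this sketch.

```python
# Spec text as posted in the message, joined onto one line.
CC1_SSP = ("%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector "
           "%{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all: "
           "-fstack-protector} } } } } }")


def matching_brace(spec, open_idx):
    """Index of the '}' that closes the '{' found at open_idx."""
    depth = 0
    for j in range(open_idx, len(spec)):
        if spec[j] == "{":
            depth += 1
        elif spec[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced braces in spec")


def expand(spec, switches):
    """Options a spec string contributes for a set of command-line switches.

    %{S:X}  -> X if -S was given
    %{!S:X} -> X if -S was not given
    Conditionals may nest to any depth; other text is copied through.
    """
    out, i = [], 0
    while i < len(spec):
        if spec.startswith("%{", i):
            end = matching_brace(spec, i + 1)
            cond, _, body = spec[i + 2:end].partition(":")
            negated = cond.startswith("!")
            present = ("-" + cond.lstrip("!")) in switches
            if present != negated:          # condition holds: keep the body
                out.append(expand(body, switches))
            i = end + 1
        else:
            out.append(spec[i])
            i += 1
    return " ".join("".join(out).split())   # normalise whitespace


if __name__ == "__main__":
    # Constructed sample command lines, one switch set per case.
    for sw in (set(), {"-D__KERNEL__"}, {"-nostdlib"},
               {"-fno-stack-protector"}, {"-D_LIBC"}):
        print(sorted(sw) or "(no switches)", "->", repr(expand(CC1_SSP, sw)))
```

In this model, kernel builds (-D__KERNEL__), -nostdlib links and an explicit -fno-stack-protector all leave cc1 without the flag, which is the opt-out behaviour the nesting encodes.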
