Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Hardened gcc-4
Date: Fri, 18 Jan 2008 07:16:46
Message-Id: 1200640603.5198.37.camel@localhost
In Reply to: Re: [gentoo-hardened] Hardened gcc-4 by atoth@atoth.sote.hu

On Fri, 2008-01-18 at 04:46 +0100, atoth@××××××××××.hu wrote:
> On Thu, January 17, 2008 20:57, Ned Ludd wrote:
> >
> > On Thu, 2008-01-17 at 20:03 +0100, atoth@××××××××××.hu wrote:
[snip]
> > Note: That both of the methods I have shown do not enable SSP in gcc-4.
> >
>
> Thanks for the suggestions.
> BTW: why don't you enable SSP? If
> I would spend my time on separate specs, I would surely go for SSP as well.

You are more than welcome to edit the specs for yourself and add the ssp
rules as well. I'm not a big fan of moving forward with ssp myself, and
pie/relro/now is cheap/easy and suits most of my needs, so why not take
advantage of it.

If you want to add ssp to those specs you can probably more or less base
them easily enough off the gcc-3.x specs.

Should/Would look something nearly exactly like this

*cc1_ssp:
%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector %{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all: -fstack-protector} } } } } }

Then in the *cc1 section change

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie)

to

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie) %(cc1_ssp)

> Are there any known problems?

Yes, but please don't ask me to document them for you.

-- 
gentoo-hardened@l.g.o mailing list
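
Added example (not part of the original message, and not Gentoo's or GCC's code): a small Python model of how the `*cc1_ssp` spec quoted in the message expands for a given compiler command line. It handles only the `%{!S: X}` form that spec uses and assumes the switch name is the argument text after the leading dash; `expand` and `cc1_ssp_for` are names made up for this illustration.

```python
# Minimal model of GCC spec conditionals of the form "%{!S: X}":
# X is emitted only when switch -S was NOT given. Other spec forms
# (%{S:X}, %(name), %{S*} ...) are deliberately not modelled.

CC1_SSP = ("%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector "
           "%{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all: "
           "-fstack-protector} } } } } }")  # copied verbatim from the message


def expand(spec, switches):
    """Return the options a spec string contributes for a set of switch names."""
    out, i = [], 0
    while i < len(spec):
        if spec.startswith("%{!", i):
            colon = spec.index(":", i)
            name = spec[i + 3:colon]
            depth, j = 1, colon + 1          # scan to the matching "}"
            while depth:
                if spec.startswith("%{", j):
                    depth, j = depth + 1, j + 2
                elif spec[j] == "}":
                    depth, j = depth - 1, j + 1
                else:
                    j += 1
            if name not in switches:         # "!" means: switch is absent
                out += expand(spec[colon + 1:j - 1], switches)
            i = j
        elif spec[i] == "%":
            raise ValueError("unsupported spec form at offset %d" % i)
        else:                                # literal text up to the next "%"
            nxt = spec.find("%", i)
            nxt = len(spec) if nxt == -1 else nxt
            out += spec[i:nxt].split()
            i = nxt
    return out


def cc1_ssp_for(argv):
    """Options cc1_ssp would add for a constructed compiler command line."""
    switches = {a[1:] for a in argv if a.startswith("-")}
    return expand(CC1_SSP, switches)


if __name__ == "__main__":
    # Constructed command lines: userland, kernel, freestanding, libc, opt-out.
    for argv in (["-O2", "-c", "app.c"], ["-D__KERNEL__", "-c", "mod.c"],
                 ["-nostdlib", "boot.c"], ["-D_LIBC", "-c", "libc.c"],
                 ["-fno-stack-protector", "-c", "app.c"]):
        print(" ".join(argv), "=>", cc1_ssp_for(argv))
```

With the spec exactly as posted, an ordinary userland compile gets `-fstack-protector` from both the outer and the innermost branch, while kernel, `-nostdlib` and explicit `-fno-stack-protector` builds get nothing.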
