| 1 |
Thanks for the note. |
| 2 |
|
| 3 |
> Hi, |
| 4 |
> |
| 5 |
> did you upgrade to gcc-4.1? If yes you may not use the hardened profile |
| 6 |
> but the hardened use flag. gcc-4.1 is not yet supported by the hardened |
| 7 |
> profile. AFAIK |
| 8 |
|
| 9 |
Yep..... :-( |
| 10 |
|
| 11 |
|
| 12 |
> |
| 13 |
> View your current profile |
| 14 |
> ls -l /etc/make.profile |
| 15 |
|
| 16 |
I had a standard profile; now it's hardened, with my make.conf file |
| 17 |
supplemented with the use flags no longer on by default. |
| 18 |
|
| 19 |
> |
| 20 |
> How to switch to the hardened profile |
| 21 |
> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile |
| 22 |
|
| 23 |
Thanks - I've done that (hardened profile) this time around as I rebuild. |
| 24 |
|
| 25 |
> |
| 26 |
> [OT] Note for the doc devs |
| 27 |
> By reading some lists for a while now it seems that there are many |
| 28 |
> people out there which followed the hardened tutorial. The problem is |
| 29 |
> that you do not mention that users have to switch to the hardened |
| 30 |
> profile. I only found this in the FAQ. |
| 31 |
> I also followed the hardened tutorial and thought I am using it but I |
| 32 |
> only had the hardened use flag and a hardened kernel with grsec and pax |
| 33 |
> enabled. Nothing more. Maybe it is possible to add some information |
| 34 |
> about how to really switch to the hardened profile in the tutorial. |
| 35 |
|
| 36 |
Well, I built this over a year ago, and never caught the hardened profile |
| 37 |
comment - I'm a newbie and got the impression that one only needed to put |
| 38 |
in "hardened pic". As you point out, others fell into this situation as |
| 39 |
well. |
| 40 |
|
| 41 |
FWIW, the hardend sources project works great IMHO, but documentation |
| 42 |
ought to do two things: |
| 43 |
|
| 44 |
1. Redo the FAQ page. All of the pieces are there, but they're spread all |
| 45 |
over the page. Create one section that sequentially covers the steps on |
| 46 |
how to create a hardened profile/kernel. For example, at this time, it |
| 47 |
would advise the user to start with 2006.0 (doesn't say it now, and I bet |
| 48 |
someone will start with 2006.1). |
| 49 |
|
| 50 |
It'll also list the flags that are in the standard profile that are not in |
| 51 |
the hardened - all in sequential order, not spread about. |
| 52 |
|
| 53 |
2. Declare the GCC update NA for hardened users - in the GCC update guide. |
| 54 |
There is some sort of vague reference to hardened in the guide, but it |
| 55 |
sure didn't click with me. |
| 56 |
|
| 57 |
|
| 58 |
|
| 59 |
-- |
| 60 |
gentoo-hardened@g.o mailing list |
Archives