| 1 |
On 03/15/2011 04:28 PM, Grant wrote: |
| 2 |
>>>>> A dev is asking me to switch to a hardened profile in order to test a |
| 3 |
>>>>> fix. I'm happy to go through the process, but is there a chance my |
| 4 |
>>>>> laptop could be unusable after the switch? If that happens I'll be in |
| 5 |
>>>>> real trouble. Will I be able to switch back to a non-hardened profile |
| 6 |
>>>>> afterward? I plan to follow this guide: |
| 7 |
>>>>> |
| 8 |
>>>>> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile |
| 9 |
>>>>> |
| 10 |
>>>>> BTW, are emerge -e world and emerge -e system both necessary? I |
| 11 |
>>>>> thought emerge -e world would rebuild everything. |
| 12 |
>>>> |
| 13 |
>>>> Switching to hardened is safe. The switch back should be, too, although |
| 14 |
>>>> I haven't personally tried it. (Why would you switch back?) |
| 15 |
>>> |
| 16 |
>>> I originally had my laptop on a hardened profile (I think it was a |
| 17 |
>>> couple laptops back) but there were so many problems I eventually gave |
| 18 |
>>> up. I remember doing a lot of system reinstalling as I switched |
| 19 |
>>> profiles around. I don't have time to reinstall my system right now |
| 20 |
>>> so I'm trying to be sure I can switch to hardened (and from hardened |
| 21 |
>>> if necessary) without reinstalling. |
| 22 |
>> |
| 23 |
>> If you don't run a hardened kernel, "sudo gcc-config 5" (assuming 5 is |
| 24 |
>> the vanilla gcc on your machine...) will switch you back to the vanilla |
| 25 |
>> gcc. No need to switch profiles or recompile anything. |
| 26 |
> |
| 27 |
> I do run a hardened kernel, but you're saying if I switch to gcc-5 I |
| 28 |
> should be able to test for a crash that was previously exhibited under |
| 29 |
> a hardened profile? |
| 30 |
> |
| 31 |
|
| 32 |
I think (completely unscientifically) that most of the day-to-day |
| 33 |
problems are caused by the hardening features in the kernel rather than |
| 34 |
by GCC's hardening features. |
| 35 |
|
| 36 |
When you compile a hardened GCC, you also get the vanilla, unhardened |
| 37 |
GCC installed. So if you see e.g. a compile failure using hardened GCC, |
| 38 |
you can just switch to the vanilla GCC to see if that fixes it. On my |
| 39 |
machine, |
| 40 |
|
| 41 |
$ sudo gcc-config -l |
| 42 |
[1] x86_64-pc-linux-gnu-4.4.5 * |
| 43 |
[2] x86_64-pc-linux-gnu-4.4.5-hardenednopie |
| 44 |
[3] x86_64-pc-linux-gnu-4.4.5-hardenednopiessp |
| 45 |
[4] x86_64-pc-linux-gnu-4.4.5-hardenednossp |
| 46 |
[5] x86_64-pc-linux-gnu-4.4.5-vanilla |
| 47 |
|
| 48 |
it's the fifth option. |
| 49 |
|
| 50 |
Summary: if you have problems on hardened, you can always switch to |
| 51 |
vanilla GCC and reboot to a non-hardened kernel. You don't have to |
| 52 |
recompile anything or switch profiles again. |
Archives