Gentoo Archives: gentoo-user

From: Martin Vaeth <martin@×××××.de>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: Choosing between system profiles: hardened and desktop for desktop installation.
Date: Fri, 07 Jul 2017 16:50:20
Message-Id: slrnolveqf.4t7.martin@lounge.imp.fu-berlin.de
In Reply to: Re: [gentoo-user] Re: Choosing between system profiles: hardened and desktop for desktop installation. by R0b0t1
R0b0t1 <r030t1@×××××.com> wrote:
>
> https://wiki.gentoo.org/wiki/Hardened_Gentoo
>
> The hardened profile still sets PaX and a slew of toolchain options.

Yes. But marking binaries for pax if you don't use a kernel with pax
is pointless. And whether you use the hardened toolchain or a current
gcc with USE="ssp pie" does not make a big difference if you have
the mentioned LDFLAGS in your make.conf.
I think the main difference is that -fstack-protector(-strong?) is
used instead of -fstack-protector-all (IMHO the latter is overkill).
I am not sure how it is with -fstack-check.