To: gentoo-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Date: Tue, 21 Sep 2004 16:06:06 -0700
Cc: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-dev] Re: Not considering dropping the hardened toolchain

Ned Ludd posted <1095789660.8317.1590.camel@simple>, excerpted below, on
Tue, 21 Sep 2004 14:01:00 -0400:

> ------------------------------------------------------------------------
> 1) Re review the existing packages which filter-flags -fPIC and find
> more creative solutions to them.
> ------------------------------------------------------------------------

> ------------------------------------------------------------------------
> 3) Better documentation.
> Adam Mondl has started in on this task. So far he has developed a quick
> intro of what's up with xorg and a hardened toolchain.
> http://hardened.gentoo.org/hardenedxorg.xml
>
> He is also working on a Hardened FAQ which has not been published yet.
> http://tocharian.ath.cx/hardened/hardenedfaq.html

FWIW as a user that thought hardened looked like a good idea and tried it,
then gave up (due to the xorg issue), a few months ago, when I was new at
Gentoo..

1) I use amd64, which is -fPIC by definition, so naturally anything that
makes that easier for the amd64 herd is definitely considered a good thing
here! They also likely already have a pretty good idea of what packages
are involved, as well. =:^)

3) Documentation of the normal Gentoo calibre would be /tremendously/
useful. As I said, I'm interested, but have little enough idea what I'm
doing and indeed how it fits in with the already different amd64 arch,
that I eventually decided it wasn't worth screwing with ATM and put it off
for later, when I at least had normal Gentoo down and working as desired.

That said, I /definitely/ appreciate the possibility of it in Gentoo and
would have been sad to see it go, yet didn't contribute to the previous
discussion because at this point I'm little more than yet another
demanding user drawing on the precious resources of others, and if there
already weren't enough resources for it, I'd be sad it was going away, but
there'd be little I could do to help so any contributions I could make to
the earlier thread would be little more than noise.

Given something as solidly useful as the Gentoo handbook, however, but for
hardened, with enough of an information base to actually work with when
things didn't go quite right, I could easily see myself switching to
hardened, and running my dual opteron workstation with an amd64-hardened
profile.

(One of my frustrations so far has been that while I keep reading that
AMD64 was designed with some hardened features, like nx stack, implemented
in hardware, I don't even know how many of those features are enabled by
default on the platform, nor could I say whether there is even the
/option/ to not have them. Is it like sse and therefore something I
/shouldn't/ specify because the platform includes it by definition? Is it
a reversible toggle sort of thing so if it's on by default and I specify
it, it actually turns it /off/? A Gentoo calibre document that answered
these sorts of questions definitively would be /immensely/ useful, here,
establishing a sort of knowledge base from which my "practical knowledge"
of the subject could grow. Without that, I'm lost enough I really don't
know where to start.)

Anyway, your efforts are appreciated, and with Gentoo's efforts in the
area already recognized by others, it'd both be a shame to see it end, so
I'm glad it's not, and even /more/ spectacular if Gentoo's well recognized
strength of documentation could be applied in this area as well, making
Gentoo the distrib of choice for the user wishing to become a power admin
in this area, much as it already is for the user with general power admin
designs, due to the "from source" meta-distribution aspects.

-- 
Duncan - List replies preferred. No HTML msgs.
"They that can give up essential liberty to obtain a little
temporary safety, deserve neither liberty nor safety." --
Benjamin Franklin

--
gentoo-dev@gentoo.org mailing list