From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1NZXFm-0001mJ-L2 for garchives@archives.gentoo.org; Mon, 25 Jan 2010 22:17:50 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DE579E0D10; Mon, 25 Jan 2010 22:16:36 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id BAEB2E0D10 for ; Mon, 25 Jan 2010 22:16:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 6980567CB8 for ; Mon, 25 Jan 2010 22:16:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at gentoo.org X-Spam-Score: -2.902 X-Spam-Level: X-Spam-Status: No, score=-2.902 required=5.5 tests=[AWL=-0.303, BAYES_00=-2.599] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lRg69xYuTpaw for ; Mon, 25 Jan 2010 22:16:30 +0000 (UTC) Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id B2CAA674C5 for ; Mon, 25 Jan 2010 22:16:25 +0000 (UTC) Received: from list by lo.gmane.org with local (Exim 4.50) id 1NZXDT-0008Sn-JD for gentoo-hardened@gentoo.org; Mon, 25 Jan 2010 23:15:27 +0100 Received: from liten.csbnet.se ([95.80.45.98]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 25 Jan 2010 23:15:27 +0100 Received: from xake by liten.csbnet.se with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 25 Jan 2010 23:15:27 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-hardened@lists.gentoo.org From: Peter Hjalmarsson Subject: [gentoo-hardened] Re: SSP in GCC 4 Date: Mon, 25 Jan 2010 23:14:07 +0100 Message-ID: <1264457647.18616.8.camel@lillen.dodi> References: <201001250034.31584.mike@home.gaima.co.uk> <201001242228.24156.kutulu@kutulu.org> <201001251910.55791.mike@home.gaima.co.uk> <4B5DFBFD.3020704@kutulu.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: liten.csbnet.se In-Reply-To: <4B5DFBFD.3020704@kutulu.org> X-Mailer: Evolution 2.29.5 Sender: news X-Archives-Salt: ead5fb87-2910-42b3-bce6-3e046195f0ab X-Archives-Hash: b3256a2522a7e1b542d24b2e4767fdd7 m=C3=A5n 2010-01-25 klockan 15:15 -0500 skrev Mike Edenfield: > I also have glibc unmasked, but I think that's a remnant from a while=20 > ago and probably not necessary. The latest version in the overlay is > 2.9. >=20 > If you are running ~arch you'll pick up a few more things from the=20 > overlay, like grub and hardened-sources, automatically. If you're not >=20 > running ~arch I'd suggest you unmask anything that the overlay has in=20 > it, since there are often PIE or SSP patches included in those > versions. >=20 Just use latest stable glibc from portage (glibc in hardened-dev is going away as soon as Zorry feel comfortable removing it). The same goes for all other packages, use the versions from portage unless you have problems compiling that version or told otherwise @ #gentoo-hardened. When it comes to which arch, I have no bigger problem using the gcc-4.4.2 on an ~amd64 machine... Bu that may be me that is lucky.;)