I have decided to take the hardened profile for a spin on a couple of my edge servers. I grabbed stage1-x86-hardened-2.6-2006.0.tar.bz2, verified the profile was set to profiles/hardened/x86/2.6/, did my bootstrap and emerge -e system. Everything looks to have gone ok.

What I am curious about is the fact that I didn't really notice any special CFLAGS being used while everything was compiling. Various documents tell me it is transparent, that the settings are read from the gcc spec file. Should I not be seeing cflags specific to hardened settings while everything is compiling?

gcc-config -l shows:

    [1] i686-pc-linux-gnu-3.4.5 *
    [2] i686-pc-linux-gnu-3.4.5-hardenednopie
    [3] i686-pc-linux-gnu-3.4.5-hardenednopiessp
    [4] i686-pc-linux-gnu-3.4.5-hardenednossp
    [5] i686-pc-linux-gnu-3.4.5-vanilla

When I look in /etc/env.d/05gcc, nothing is set for GCC_SPECS:

    PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
    INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
    LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
    GCC_SPECS=""

/etc/env.d/gcc/config points to i686-pc-linux-gnu-3.4.5, which contains:

    PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
    GCCBITS="32"
    MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
    INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
    STDCXX_INCDIR="g++-v3"

When I look at some of the other config files such as i686-pc-linux-gnu-3.4.5-hardenednopie, it defines a GCC_SPECS file:

    PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
    LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
    GCCBITS="32"
    MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
    INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
    STDCXX_INCDIR="g++-v3"
    GCC_SPECS="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5/hardenednopie.specs"

So I guess my question is - how do I know everything is actually being compiled with the hardened specific flags? A diff on /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/specs and hardened.specs shows no differences, is it safe to assume the default specs file is being used even though it is not being set anywhere in the environment?
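
Added example, not part of the original post: because spec-file defaults never show up as flags in the build output, the built binaries are the evidence to check. The sketch below reads the ELF type (ET_DYN for a PIE program) and scans for stack-protector runtime symbols; the function names and the header-only sample image are constructed for illustration.

```python
import struct
import sys

ET_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
# Stack-protector runtime symbols: ProPolice patch for gcc 3.x, then gcc >= 4.1.
SSP_SYMBOLS = (b"__stack_smash_handler", b"__stack_chk_fail")


def inspect_elf(data):
    """Return (type_name, is_et_dyn, ssp_symbols_found) for an ELF image."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[5] gives the byte order; e_type sits at offset 16 in ELF32 and ELF64.
    order = {1: "<", 2: ">"}.get(data[5])
    if order is None:
        raise ValueError("unknown ELF byte order")
    (e_type,) = struct.unpack_from(order + "H", data, 16)
    # ET_DYN on a program means it was linked as PIE (shared objects are ET_DYN too).
    # The symbol scan is a heuristic: a static, stripped binary hides the names.
    found = [s.decode() for s in SSP_SYMBOLS if s in data]
    return ET_NAMES.get(e_type, hex(e_type)), e_type == 3, found


def constructed_elf32(e_type, strings=b""):
    """Build a constructed, header-only little-endian ELF32 image (sample input)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    # e_type, e_machine=EM_386, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0, 0, 0, 0, 52, 32, 0, 40, 0, 0)
    return ident + header + strings


if __name__ == "__main__":
    # Usage: pass paths of installed binaries, e.g. /bin/ls
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_elf(fh.read()))
```

A program that reports ET_EXEC with no stack-protector symbols was built without the PIE and SSP defaults, whatever the active gcc profile claims.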