From: Magnus Granberg <zorry@ume.nu>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] NOTICE: GCC 4.3.4 going stable on Hardened
Date: Sat, 24 Oct 2009 17:20:23 +0200
Message-ID: <200910241720.23181.zorry@ume.nu>
In-Reply-To: <243ED2F1-B6AC-43BB-9A9E-1490E62DA5FE@kakou.org>
On Saturday 24 October 2009 14.57.30, Kakou wrote:
> On 24 Oct 2009 at 14:50, Ed W wrote:
> > Kakou wrote:
> >> Hello all,
> >>
> >> I have updated my gcc 3.4 profile (with SELinux) to gcc 4.3 profile
> >> (with a modified profile to support SELinux v2 policy).
> >> After recompiling gcc+glibc, I obtain this :
> >>
> >> gcc-config -l
> >>
> >> [1] i686-pc-linux-gnu-4.3.4 *
> >> [2] i686-pc-linux-gnu-4.3.4-hardenednopie
> >> [3] i686-pc-linux-gnu-4.3.4-vanilla
> >>
> >> [2] does not support pie and I don't have a -hardened config.
> >> So my question is : "[1] is the gcc hardened profile ?"
> >> (when I test with paxtest, all is randomized)
> >
> > Yes - actually I think it was the same on the gcc-3.4 profile also -
> > the hardened profile was just the short named option and the other
> > options are the ones which gradually work towards the "vanilla"
> > specs by disabling certain hardening features
>
> Ok I was confused with the howto
> (http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml ) :
>
> Code Listing 2.5: Select hardened gcc
>
> gcc-config -l
> gcc-config <new gcc>-hardened
> source /etc/profile
> -----
>
> Now I try to use the gcc 4.4 version on the git hardened-development
> and I have 2 questions :
> - espf is included in this version but not in the gcc 4.3 version that is
> present in the portage tree ?
> - espf is like ssp protection ?
>
> > Good luck
> >
> > Ed W
>
1. The espf is the new version of the pie patchset that is in the tree,
for it does more than only add Position independent executable (PIE) to GCC.
2. espf stands for Enable Stack smashing protection, Position independent
executable and Fortify_sources.
Hope this helps you.
Hardened-dev overlay
Magnus Granberg (Zorry)
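
One way to check which of the three espf features (stack smashing protection, PIE, fortify) a selected gcc profile turns on by default, as an added example that is not part of the original message or of the Gentoo tooling. It assumes the compiler exposes its defaults as predefined macros; the function names and the sample macro dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a compiler's default hardening from the macros it
# predefines. hardening_from_macros reads `cc -dM -E` output on stdin.
hardening_from_macros() {
    awk '
        # GCC defines exactly one of these, depending on the SSP level.
        $1 == "#define" && $2 == "__SSP__"         { ssp = "basic" }
        $1 == "#define" && $2 == "__SSP_ALL__"     { ssp = "all" }
        $1 == "#define" && $2 == "__SSP_STRONG__"  { ssp = "strong" }
        # __PIE__ is defined when code is compiled as position independent
        # executable code (-fpie / -fPIE in effect).
        $1 == "#define" && $2 == "__PIE__"         { pie = "yes" }
        # Assumption: a compiler that fortifies by default predefines this.
        $1 == "#define" && $2 == "_FORTIFY_SOURCE" { fortify = $3 }
        END {
            printf "ssp=%s pie=%s fortify=%s\n",
                (ssp == "" ? "off" : ssp),
                (pie == "" ? "no" : pie),
                (fortify == "" ? "off" : fortify)
        }'
}

# Ask a real compiler (default: gcc) for its predefined macros.
# -O2 is passed because fortify only takes effect when optimising.
compiler_defaults() {
    "${1:-gcc}" -O2 -dM -E - </dev/null | hardening_from_macros
}

# Constructed sample: what a dump with all three features enabled could
# contain (not captured from any real system).
sample_hardened_dump() {
    cat <<'EOF'
#define __GNUC__ 4
#define __pie__ 2
#define __PIE__ 2
#define __SSP_ALL__ 2
#define _FORTIFY_SOURCE 2
EOF
}

# Constructed sample: a dump with none of the three features enabled.
sample_vanilla_dump() {
    printf '#define __GNUC__ 4\n#define __OPTIMIZE__ 1\n'
}
```

Running `compiler_defaults` once per entry selected with `gcc-config` shows how the profiles differ; a line reading `ssp=off pie=no fortify=off` corresponds to a compiler with none of the three defaults switched on.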