Re: [gentoo-hardened] GCC4 (again...)

[Ed W <lists@wildgooses.com>]

[-- Attachment #1: Type: text/plain, Size: 1420 bytes --]

klondike wrote:
> 2009/6/25 Ed W <lists@wildgooses.com>:
>   
>> Hi, I can find various posts on blogs referring to hardened working in at
>> least a limited capacity with GCC4 right now?  There is even a (fairly old)
>> note in the gentoo documentation about upgrading to GCC4.1.  However, I
>> don't see any recent status updates on the list here, or any other official
>> kind of notices?
>>
>> Can someone please perhaps post a summary of where we are with regards to
>> GCC4?  I think a lot of folks want hardened as a "nice to have", so even a
>> partial implementation would be nice to have, although also it's important
>> to understand exactly what you are getting
>>
>> Anyone able to provide such a summary please?
>>
>> FWIW: I'm largely interested in GCC4+hardened+uclibc, which may be better
>> supported?
>>     
> I wrote on my blog on that some time ago:
> http://klondike.xiscosoft.es/klog/2009/03/07/gentoo-hardened-and-gcc-4x-i-installation/
>
> As for now I keep using gcc4-x for desktop and server use without
> major problems except a few packages who don't detected well the gcc
> version (and which seem to have been fixed).
>
>   

Actually this was one of the posts I found already!

However, to be clear I think this achieves a PIE install with no SSP?  
Can anyone confirm this is correct?

Seems like SSP is desirable, but not really sure why it's not so 
straightforward to turn on?

Ed W

[-- Attachment #2: Type: text/html, Size: 2060 bytes --]