From: Ed W
Date: Fri, 26 Jun 2009 02:11:35 +0100
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] GCC4 (again...)
Message-ID: <4A442047.3000409@wildgooses.com>
In-Reply-To: <8b17778e0906251158n6f98ba48jb8e1015bc8e70057@mail.gmail.com>

klondike wrote:
> 2009/6/25 Ed W <lists@wildgooses.com>:
>
>> Hi, I can find various posts on blogs referring to hardened working in at
>> least a limited capacity with GCC4 right now?  There is even a (fairly old)
>> note in the gentoo documentation about upgrading to GCC4.1.  However, I
>> don't see any recent status updates on the list here, or any other official
>> kind of notices?
>>
>> Can someone please perhaps post a summary of where we are with regards to
>> GCC4?  I think a lot of folks want hardened as a "nice to have", so even a
>> partial implementation would be nice to have, although also it's important
>> to understand exactly what you are getting.
>>
>> Anyone able to provide such a summary please?
>>
>> FWIW: I'm largely interested in GCC4+hardened+uclibc, which may be better
>> supported?
>>
> I wrote on my blog on that some time ago:
> http://klondike.xiscosoft.es/klog/2009/03/07/gentoo-hardened-and-gcc-4x-i-installation/
>
> As for now I keep using gcc4-x for desktop and server use without
> major problems except a few packages which don't detect the gcc
> version well (and which seem to have been fixed).
>

Actually this was one of the posts I found already!

However, to be clear I think this achieves a PIE install with no SSP?  Can anyone confirm this is correct?

Seems like SSP is desirable, but not really sure why it's not so straightforward to turn on?

Ed W