From: Ed W
Date: Wed, 14 Oct 2009 18:23:52 +0100
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] NOTICE: GCC 4.3.4 going stable on Hardened
Message-ID: <4AD60928.6090804@wildgooses.com>
In-Reply-To: <200910131602.39481.gengor@gentoo.org>

Gordon Malm wrote:
> Hello Hardened users, this is just a quick heads up. GCC 4.3.4 will be going
> stable on hardened profiles shortly. Unlike Hardened GCC 3.4.6, this version
> lacks default SSP building. However, FORTIFY_SOURCE=2
> and -fno-strict-overflow are now enabled by default. Other Hardened compiler
> features (ex. default relro, bind now & pic/pie building) remain enabled - no
> change from 3.4.6.
>
> It is regrettable this must be done before GCC4 is SSP-by-default enabled.
> However, more and more packages require the newer GCC. The stable GCC on
> Hardened has been GCC 3.4.6 for a long time, but this has become an untenable
> situation. GCC4 SSP-by-default works and will be added in a later revision -
> some GCC4+SSP bugs in grub and glibc also remain to be fixed.
>
>

Anyone got any empirical reports on upgrading a uclibc hardened system? Lack of TLS in uclibc appears to be a potential issue?

Natanael Copa has previously reported very widespread success using gcc 4.4.1 + uclibc with apparently fairly minimal additional patches?

I guess gcc 4.4 isn't yet stable on any profiles, but does gcc4.4 buy us anything generally in terms of getting hardened+ssp stable?

Cheers

Ed W