Subject: Re: [gentoo-hardened] NOTICE: GCC 4.3.4 going stable on Hardened
From: Kakou
Date: Sat, 24 Oct 2009 13:02:58 +0200
To: gentoo-hardened@lists.gentoo.org

Hello all,

I have updated my gcc 3.4 profile (with SELinux) to gcc 4.3 profile (with a modified profile to support SELinux v2 policy).
After recompiling gcc+glibc, I obtain this:

gcc-config -l
 [1] i686-pc-linux-gnu-4.3.4 *
 [2] i686-pc-linux-gnu-4.3.4-hardenednopie
 [3] i686-pc-linux-gnu-4.3.4-vanilla

[2] does not support PIE and I don't have a -hardened config.

So my question is: "Is [1] the gcc hardened profile?" (when I test with paxtest, all is randomized)

Thanks,
Kakou

On 14 Oct 2009 at 01:02, Gordon Malm wrote:

> Hello Hardened users, this is just a quick heads up. GCC 4.3.4 will be going
> stable on hardened profiles shortly. Unlike Hardened GCC 3.4.6, this version
> lacks default SSP building. However, FORTIFY_SOURCE=2
> and -fno-strict-overflow are now enabled by default. Other Hardened compiler
> features (ex. default relro, bind now & pic/pie building) remain enabled - no
> change from 3.4.6.
>
> It is regrettable this must be done before GCC4 is SSP-by-default enabled.
> However, more and more packages require the newer GCC. The stable GCC on
> Hardened has been GCC 3.4.6 for a long time, but this has become an untenable
> situation. GCC4 SSP-by-default works and will be added in a later revision -
> some GCC4+SSP bugs in grub and glibc also remain to be fixed.
>
> Please follow '2. General Upgrade Instructions' in the 'Gentoo GCC Upgrade
> Guide' [1] when upgrading from GCC 3.4.x to GCC 4.3.x. The upgrade should be
> relatively smooth, but if you run into upgrade troubles seek help via this
> mailing list, bugs.gentoo.org, or irc.freenode.net, #gentoo-hardened.
>
> [1] http://www.gentoo.org/doc/en/gcc-upgrading.xml
>
> Sincerely,
> Gordon Malm (gengor)
>
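The features listed in the announcement (pie, relro, bind now, FORTIFY_SOURCE, and the absence of default SSP) all leave marks in a compiled binary, so a freshly built program can be checked regardless of what the gcc-config entry is called. The script below is an added example, not part of this thread or of Gentoo's tooling; the function name hardening_report and the readelf excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `readelf -W -h -l -d -s <file>` text on stdin and
# reports the hardening features named in the announcement.
hardening_report() {
    awk '
        /Type: +DYN/ || /Elf file type is DYN/ { pie = 1 }   # ET_DYN: PIE (or a shared library)
        /GNU_RELRO/ { relro = 1 }                            # PT_GNU_RELRO segment present
        /\(BIND_NOW\)/ || /\(FLAGS\).*BIND_NOW/ || /\(FLAGS_1\).* NOW/ { now = 1 }
        # Fortified calls import *_chk wrappers such as __memcpy_chk. Their
        # absence only means no call in this binary was rewritten.
        / UND __[a-z_]+_chk@/ || / UND __[a-z_]+_chk$/ { fortify = 1 }
        /__stack_chk_fail/ { ssp = 1 }                       # stack protector (SSP)
        END {
            # Full RELRO needs the relro segment and immediate binding together.
            r = relro ? (now ? "full" : "partial") : "none"
            printf "pie=%s relro=%s bindnow=%s fortify=%s ssp=%s\n",
                yn(pie), r, yn(now), yn(fortify), yn(ssp)
        }
        function yn(v) { return v ? "yes" : "no" }
    '
}

# Constructed readelf excerpts (not captured from a real system).
SAMPLE_HARDENED='  Type:                              DYN (Shared object file)
  GNU_RELRO      0x000ee8 0x00001ee8 0x00001ee8 0x00118 0x00118 R   0x1
 0x00000018 (BIND_NOW)
     5: 00000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (2)'
SAMPLE_VANILLA='  Type:                              EXEC (Executable file)
     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.0 (2)'

printf '%s\n' "$SAMPLE_HARDENED" | hardening_report
printf '%s\n' "$SAMPLE_VANILLA"  | hardening_report
```

On a real system the input would come from `readelf -W -h -l -d -s ./a.out | hardening_report`, run on a test program built with the selected compiler profile.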