From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3CDFE139083 for ; Sun, 3 Dec 2017 02:44:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 12341E0F8D; Sun, 3 Dec 2017 02:44:48 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9A4D1E0F7F for ; Sun, 3 Dec 2017 02:44:46 +0000 (UTC) Received: from [192.168.1.100] (c-98-218-46-55.hsd1.md.comcast.net [98.218.46.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mjo) by smtp.gentoo.org (Postfix) with ESMTPSA id 0B4F733BF3C for ; Sun, 3 Dec 2017 02:44:44 +0000 (UTC) Subject: Re: [gentoo-user] New profile 17: How urgent is the rebuild of world technically? To: gentoo-user@lists.gentoo.org References: <20171203021528.xmulbskbadhglyda@solfire> <73314087-5fa1-d75f-8a2e-a74857026f9c@gentoo.org> From: Michael Orlitzky Message-ID: <0cb1a823-ce29-3e6e-ceed-af8c7b19d10c@gentoo.org> Date: Sat, 2 Dec 2017 21:44:41 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Archives-Salt: 1841c7b2-ea54-4a8e-a3c6-45279f18b707 X-Archives-Hash: d9ac795cda75dd96264f7f6792dc2ba5 On 12/02/2017 09:32 PM, Adam Carter wrote: > > Does having the hardened USE flag enabled = having a hardened toolchain? If only it were that simple... what you really need to know is, did you build everything on your system with PIE enabled? * Some packages have "pie" USE flags, and it's only forced-on in the hardened profiles. I think that flag may actually have been masked in the default profiles? * Even if you /built/ a hardened compiler, you can switch it off with gcc-config. * Your local flags in make.conf can disable some of that stuff, too. If you were using a hardened *profile*, then chances are that you won't need to rebuild (unless you switched to a non-hardened compiler on purpose). Otherwise, I would play it safe and rebuild everything. The newer GCC probably produces more efficient code anyway, and you will preempt all of the inevitable problems that no one thought of and that weren't mentioned in the news item.