public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Grub, Hardened, and AMD64
From: Michael Crute @ 2006-06-20 15:26 UTC
  To: Gentoo Lists

I am building a server (AMD Opteron 64) and as a matter of policy I
always run the hardened profile on my servers. Now this is my first
time doing an install on an AMD64 architecture with hardened and so
far it has gone relatively well. The thing that is giving me the most
problems is Grub. When I try to emerge it in the hardened chroot the
config script bombs out with an error 'C compiler cannot create
executables'. One suggested solution was to disable sandbox in
features and try again, no such luck. My next thought was to build a
second chroot with a regular (non-hardened) tarball and build a
package of grub (compiled using the static useflag) then emerge that
in the hardened environment. Does this make sense? Is it likely to
work or should I be doing something else? Any help would be
appreciated.

Note that simply not using the hardened profile is not an option here.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] Grub, Hardened, and AMD64
From: Rumen Yotov @ 2006-06-20 15:54 UTC
  To: gentoo-user


Michael Crute wrote:
> I am building a server (AMD Opteron 64) and as a matter of policy I
> always run the hardened profile on my servers. Now this is my first
> time doing an install on an AMD64 architecture with hardened and so
> far it has gone relatively well. The thing that is giving me the most
> problems is Grub. When I try to emerge it in the hardened chroot the
> config script bombs out with an error 'C compiler cannot create
> executables'. One suggested solution was to disable sandbox in
> features and try again, no such luck. My next thought was to build a
> second chroot with a regular (non-hardened) tarball and build a
> package of grub (compiled using the static useflag) then emerge that
> in the hardened environment. Does this make sense? Is it likely to
> work or should I be doing something else? Any help would be
> appreciated.
> 
> Note that simply not using the hardened profile is not an option here.
> 
> -Mike
> 
Hi,
Use gcc-config to switch to a vanilla-profile (non-hardened at all).
Try to emerge grub then switch back to "hardened".
Using non-hardened grub can't become any security threat.
PS: could also try the latest ~x86 Grub.
HTH. Rumen


* Re: [gentoo-user][SOLVED] Grub, Hardened, and AMD64
From: Michael Crute @ 2006-06-21 13:29 UTC
  To: gentoo-user

On 6/20/06, Rumen Yotov <rumen@qrypto.org> wrote:
> Michael Crute wrote:
> > I am building a server (AMD Opteron 64) and as a matter of policy I
> > always run the hardened profile on my servers. Now this is my first
> > time doing an install on an AMD64 architecture with hardened and so
> > far it has gone relatively well. The thing that is giving me the most
> > problems is Grub. When I try to emerge it in the hardened chroot the
> > config script bombs out with an error 'C compiler cannot create
> > executables'. One suggested solution was to disable sandbox in
> > features and try again, no such luck. My next thought was to build a
> > second chroot with a regular (non-hardened) tarball and build a
> > package of grub (compiled using the static useflag) then emerge that
> > in the hardened environment. Does this make sense? Is it likely to
> > work or should I be doing something else? Any help would be
> > appreciated.
> >
> > Note that simply not using the hardened profile is not an option here.

I emerged Grub in a separate non-hardened chroot, built a binary
package and emerged it into my hardened chroot and everything worked
like a charm. I did use the custom-cflags and static USE flags on the
build. I'm not sure if custom-cflags is needed, but I'm pretty sure
static is required since the 32-bit libs aren't available on my system
outside of the chroot used to build the package. If I'm wrong on this,
let me know. If anyone else happens to be running an Opteron processor
and would benefit from the package I would be glad to post it.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list
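
The gcc-config switch suggested earlier in the thread (switch to a non-hardened profile, emerge, switch back), as an added example that is not part of the original messages: it restores the original profile even when the build fails or is interrupted, because a toolchain left on the vanilla profile would build every later package without hardening. The function name and the GCC_CONFIG/EMERGE override variables are assumptions of this example; the profile name is passed in (list the real ones with `gcc-config -l`).

```shell
#!/bin/sh
# Added example: build one package under a temporary GCC profile, then
# always return to the profile that was active before (the hardened one).
# GCC_CONFIG and EMERGE are overridable so the logic can be dry-run with stubs.
GCC_CONFIG=${GCC_CONFIG:-gcc-config}
EMERGE=${EMERGE:-emerge}

# build_with_profile <temporary-gcc-profile> <package-atom>
# Returns emerge's exit status, or 2 if the original profile was not restored.
build_with_profile() {
    tmp_profile=$1
    pkg=$2

    # Record the active profile before changing anything.
    orig_profile=$("$GCC_CONFIG" -c) || return 1
    if [ "$orig_profile" = "$tmp_profile" ]; then
        echo "already on $tmp_profile; nothing safe to restore to" >&2
        return 1
    fi

    "$GCC_CONFIG" "$tmp_profile" || return 1

    # On Ctrl-C or TERM, keep going so the restore below still runs.
    trap 'echo "interrupted; restoring $orig_profile" >&2' INT TERM
    build_rc=0
    "$EMERGE" "$pkg" || build_rc=$?
    trap - INT TERM

    # Restore no matter how the build ended, then confirm it took effect.
    if ! "$GCC_CONFIG" "$orig_profile"; then
        echo "FAILED to restore $orig_profile; fix before building more" >&2
        return 2
    fi
    if [ "$("$GCC_CONFIG" -c)" != "$orig_profile" ]; then
        echo "active profile is not $orig_profile after restore" >&2
        return 2
    fi
    return "$build_rc"
}

# Usage (profile name is a placeholder):
#   build_with_profile <vanilla-profile-from-gcc-config-l> sys-boot/grub
```

After a real run, `source /etc/profile` in any open shells so they pick up the restored compiler environment.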


