Why did you add ssp in CFLAGS?, why not using specs directly?. I only added -D_FORTIFY_SOURCE=2 in CFLAGS. glibc doesn't compile with -fstack-protector-all in the CFLAGS, so you should switch to the -fstack-protector to compile which is less secure than using specs which compile with -fstack-protector-all which could be done.
2009/5/20 basile <bas...@opensource.dyc.edu>: > > Hello everyone, > > I'd like to announce that a new release of Tin Hat is out. Tin Hat is a > fully featured Linux desktop based on Hardened Gentoo which runs purely > in RAM. It aims to be very secure, stable, and fast. > > This release concentrates primarily on updating the hardened tool chain, > and no changes were made to the kernel since the last release. The > system was completely recompiled using hardened Gentoo's stock gcc-4.3.3 > plus stack-protection added via the CFLAGS and CXXFLAGS in make.conf. > Extensive testing of the most used services and apps gave no issues with > the exception of Evolution which required lazy linking. > > As with every release, we sync-ed upstream with Gentoo. Major package > updates include coreutils, util-linux, and xorg-server and its > drivers/libs. Firefox was also update to the more secure 3.0.10. > > Home page: http://opensource.dyc.edu/tinhat > Downloads: http://opensource.dyc.edu/tinhat-downloads > > -- > > Anthony G. Basile, Ph.D. > Chair of Information Technology > D'Youville College > Buffalo, NY 14201 > USA > > (716) 829-8197 > > > >
