Saturday 24 October 2009 14.57.30, Kakou wrote:
> On 24 Oct. 2009 at 14:50, Ed W wrote:
> > Kakou wrote:
> >> Hello all,
> >>
> >> I have updated my gcc 3.4 profile (with SELinux) to gcc 4.3 profile
> >> (with a modified profile to support SELinux v2 policy).
> >> After recompiling gcc+glibc, I obtain this :
> >>
> >> gcc-config -l
> >>
> >> [1] i686-pc-linux-gnu-4.3.4 *
> >> [2] i686-pc-linux-gnu-4.3.4-hardenednopie
> >> [3] i686-pc-linux-gnu-4.3.4-vanilla
> >>
> >> [2] does not support pie and I don't have a -hardened config.
> >> So my question is : "[1] is the gcc hardened profile ?"
> >> (when I test with paxtest, all is randomized)
> >
> > Yes - actually I think it was the same on the gcc-3.4 profile also -
> > the hardened profile was just the short named option and the other
> > options are the ones which gradually work towards the "vanilla"
> > specs by disabling certain hardening features
>
> Ok I was confused with the howto
> (http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml ) :
>
> Code Listing 2.5: Select hardened gcc
>
> gcc-config -l
> gcc-config <new gcc>-hardened
> source /etc/profile
> -----
>
> Now I try to use the gcc 4.4 version on the git hardened-development
> and I have 2 questions :
> - espf is included in this version but not in gcc 4.3 version that are
> present in the portage tree ?
> - espf is like ssp protection ?
>
> > Good luck
> >
> > Ed W
>

1. The espf is a new version of the pie patchset that is in the tree for it does more than only add Position independent executable (PIE) to GCC.
2. espf stands for Enable Stack smashing protection, Position independent executable and Fortify_sources.

Hope this helps you.
Hardened-dev overlay Magnus Granberg (Zorry)