Re: Hardened toolchain

Sun, 27 Mar 2022 20:18:12 -0700 

Hi,

Maxime Devos <maximede...@telenet.be> writes:

> zimoun schreef op ma 21-03-2022 om 14:34 [+0100]:
>> > * gcc can be compiled with `--enable-default-ssp --enable-default-
>> > pie`
>> > to enforce ssp and pic
>> 
>> You wrote [1]:
>> 
>> --8<---------------cut here---------------start------------->8---
>> (define-public gcc
>>   (package
>>     (inherit gcc)
>>     (arguments
>>      (substitute-keyword-arguments (package-arguments gcc)
>>      ((#:configure-flags flags
>>        `(append (list "--enable-default-ssp" "--enable-default-pie")
>>             ,flags)))))))
>> --8<---------------cut here---------------end--------------->8---
>
> I think it would be a lot simpler to just add this to the 'standard'
> gcc configure flags, in (gnu packages gcc), given that probably the
> idea is to do this hardening for all packages?  Needs a world-rebuild
> though.

+1.  The whole distribution can probably benefit from this hardening.

Maxim
  • Hardened toolchai... Development of GNU Guix and the GNU System distribution.
    • Hardened too... zimoun
      • Re: Hard... zimoun
        • Re: ... Development of GNU Guix and the GNU System distribution.
          • ... Development of GNU Guix and the GNU System distribution.
            • ... zimoun
              • ... Development of GNU Guix and the GNU System distribution.
                • ... Development of GNU Guix and the GNU System distribution.
                • ... zimoun
      • Re: Hard... Maxime Devos
        • Re: ... Maxim Cournoyer
          • ... zimoun
          • ... Development of GNU Guix and the GNU System distribution.
          • ... Ludovic Courtès
            • ... Development of GNU Guix and the GNU System distribution.
            • ... jbranso
              • ... Zhu Zihao
                • ... raingloom
                • ... Katherine Cox-Buday
                • ... Aurora
                • ... Katherine Cox-Buday

Reply via email to