On 02/05/2015 09:58 AM, Christian Rößner wrote: > > Sorry, if I correct you (hopefully I am right…) > > This is not a profile I showed, this is the gcc compiler. And it is from the > hardened stage tar ball: > > stage3-amd64-hardened-20121210.tar.bz2 (I kept it since install in / ;-) ) > > make.profile -> ../../misc/portage/profiles/hardened/linux/amd64/no-multilib/ > > The whole system is built hardened. >
You are correct, if you start with a hardened stage3 the entire system is already built hardened. You have a hardened profile, and the (most) hardened GCC. So everything you've built since the install has been hardened too (unless the package maintainer had to disable it). The gcc-config output is a little confusing, but the first one is the MOST hardened: [6] x86_64-pc-linux-gnu-4.8.3 * [7] x86_64-pc-linux-gnu-4.8.3-hardenednopie [8] x86_64-pc-linux-gnu-4.8.3-hardenednopiessp [9] x86_64-pc-linux-gnu-4.8.3-hardenednossp [10] x86_64-pc-linux-gnu-4.8.3-vanilla The others are "hardened, minus something."
