Hi! Thanks for this report. I can't reproduce this segfault. I tried the
builds on both amd64 and i386, and both build fine with 4.6.0-6 for me. Do you
have any minimal reproducers that might show this more specifically?
Thanks!
-Kees
--
Kees
On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
> On Fri, 21 Jan 2011, Kees Cook wrote:
> > This is likely the core of the disagreement: how to apply the flags.
> > I have a strong opinion about this because my perspective is
> > security-oriented. I think a
's not very hard
to keep the patch up to date.
That said, I do recognize that it creates a delta from upstream gcc and
makes it harder to diagnose compiler bugs. I would like to have upstream
take a --configure build-time option for gcc for these d
Has the archive been successfully rebuilt with the proposed patch?
>
> I think this patch is used in Ubuntu, so mostly yes. I guess Kees Cook or
> Steve Langasek should be able to tell us a bit more.
Yes, all of Ubuntu has been compiled with hardening enabled since Oct 2008.
As mentioned in the
ve is
security-oriented. I think all compiles should be hardened; default
to being secure, and whitelist that which needs things disabled. Same
policy applies to firewalls, etc. As before, I stand by my original email
that started this thread:
http://lists.debian.org/debian-gcc/2009/10/m
Hi,
On Tue, Nov 24, 2009 at 09:38:41PM +0100, Moritz Muehlenhoff wrote:
> On 2009-11-05, Kees Cook wrote:
> > This would certainly be better than nothing, and better than the
> > hardening-wrapper package, but it would require that every package in
> > Debian be modifie
On Thu, Oct 29, 2009 at 10:01:08PM -0200, Henrique de Moraes Holschuh wrote:
> On Tue, 27 Oct 2009, Kees Cook wrote:
> > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > I would l
.html
--
Kees Cook@debian.org
diff -uNrp gcc-4.4-4.4.1/debian~/rules.defs gcc-4.4-4.4.1/debian/rules.defs
--- gcc-4.4-4.4.1/debian~/rules.defs 2009-10-25 10:46:48.0 -0700
+++ gcc-4.4-4.4.1/debian/rules.defs 2009-10-25 10:50:13.0 -0700
Hi,
On Tue, Oct 27, 2009 at 10:19:22PM -0200, Henrique de Moraes Holschuh wrote:
> On Tue, 27 Oct 2009, Kees Cook wrote:
> > > > It seems the kernel will not be happy if the stack protector is switched
> > > > on unconditionally:
> > > >
> > > >
Hi,
On Tue, Oct 27, 2009 at 01:30:12PM -0200, Henrique de Moraes Holschuh wrote:
> On Mon, 26 Oct 2009, Gabor Gombas wrote:
> > On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> > > On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > > > I
On Mon, Oct 26, 2009 at 11:14:25AM +0100, Bastian Blank wrote:
> On Sun, Oct 25, 2009 at 11:55:25AM -0700, Kees Cook wrote:
> > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > uses[2].
>
> How do they work? Do they also change the free-standing c
Hi,
On Mon, Oct 26, 2009 at 01:36:28PM +0100, Florian Weimer wrote:
> * Kees Cook:
> > I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> > uses[2].
>
> Seems a good idea to me. But I think we should defer the required
> full archive reb
8 R_X86_64_JUMP_SLOT __printf_chk
006120c0 R_X86_64_JUMP_SLOT __memcpy_chk
006121c0 R_X86_64_JUMP_SLOT __stack_chk_fail
00612220 R_X86_64_JUMP_SLOT __sprintf_chk
000000612230 R_X86_64_JUMP_SLOT __snprintf_chk
--
Kees Cook
-Wextra -D_FORTIFY_SOURCE=2 -Wl,-z,relro -o hello hello.c
Note, AFAIK, -fPIC and -fPIE is redundant: -fPIE is a subset of -fPIC.
-Kees
--
Kees Cook@outflux.net
ll be
silently ignored if -O is less than 2.
-Kees
[1] http://wiki.debian.org/Hardening
add hardening-wrapper to debian/control Build-Deps
add "export DEB_BUILD_HARDENING=1" to debian/rules
[2]
http://svn.debian.org/wsvn/hardening/hardening-w