Re: [gentoo-dev] Re: Moving more hardening features to default?

2011-10-25 Thread Paweł Hajdan, Jr.
On 10/23/11 5:56 AM, Steven J Long wrote: > Will we be able to switch off SSP via config, or will we have to setup our > own profile? In my proposal the SSP would be off by default on non-hardened profiles, at least initially. At any time I'd like it to be switchable via gcc-config, as it current

Re: [gentoo-dev] Re: Building hardened gcc specs always, just not enabling them by default

2011-10-25 Thread Rich Freeman
On Tue, Oct 25, 2011 at 1:59 AM, Ryan Hill wrote: > On Mon, 24 Oct 2011 13:26:01 +0200 > "Paweł Hajdan, Jr." wrote: >> Is it possible to just pass flags to GCC: disable all this hardened >> stuff? I know you can disable stack protector, but how about PIE or PIC, >> and possible other hardening

Re: [gentoo-dev] Re: Building hardened gcc specs always, just not enabling them by default

2011-10-25 Thread Anthony G. Basile
On 10/25/2011 01:59 AM, Ryan Hill wrote: > On Mon, 24 Oct 2011 13:26:01 +0200 > "Paweł Hajdan, Jr." wrote: > >> On 10/24/11 12:58 PM, Anthony G. Basile wrote: >>> Well not totally on their own, they'd report it and we'd have to see >>> what we want to do on an ad hoc basis. >> Fair enough, that'

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Kacper Kowalik
On 20.10.2011 10:47, "Paweł Hajdan, Jr." wrote: > I've noticed > , i.e. > Debian is starting to make more and more hardening features default, at > least for most packages. > > Should we start doing that too? What are possible pr

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Patrick Lauer
On 10/25/11 16:18, Kacper Kowalik wrote: On 20.10.2011 10:47, "Paweł Hajdan, Jr." wrote: I've noticed , i.e. Debian is starting to make more and more hardening features default, at least for most packages. Should we start doin

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Rich Freeman
On Tue, Oct 25, 2011 at 10:18 AM, Kacper Kowalik wrote: > 2) What's wrong with current approach i.e. having separate hardened profile? I don't really see the hardened profile and some hardening by default as being redundant. When I think about the hardened profile I think high security at the co

Re: [gentoo-dev] Moving more hardening features to default?

2011-10-25 Thread Paweł Hajdan, Jr.
On 10/25/11 5:11 PM, Rich Freeman wrote: > And "Debian is doing it" or whatever isn't actually a bad reason to > consider this. When Debian does something by default, it means that > upstream packages will take notice. Right, I was thinking about the change for a long time, but if Debian, which a

Re: [gentoo-dev] Re: Moving more hardening features to default?

2011-10-25 Thread Francisco Blas Izquierdo Riera (klondike)
On 23/10/11 05:56, Steven J Long wrote: > Will we be able to switch off SSP via config, or will we have to setup our > own profile? This should do the trick: CFLAGS="$CFLAGS -fno-stack-protector"

Re: [gentoo-dev] [PATCH scons-utils] Support setting common SCons arguments using myesconsargs.

2011-10-25 Thread Michał Górny
On Tue, 25 Oct 2011 01:57:11 -0400 Mike Frysinger wrote: > On Mon, Oct 24, 2011 at 03:46, Michał Górny wrote: > > On Mon, 24 Oct 2011 03:42:24 + Nathan Phillip Brink wrote: > >> On Sun, Oct 23, 2011 at 08:20:37PM +0200, Michał Górny wrote: > >> > --- > >> >  scons-utils.eclass |   33 ++