Re: [gentoo-hardened] HOWTO: unhardened to hardened

2005-05-29 Thread Tóth Attila
Beside modifying profile symlink you shouldn't need "pic" and "pie" flags in your make.conf any more. You can use "hardened" instead. To my best knowledge: compiling gcc and glibc first to get the new toolchain running and going on with "emerge -ve" world thereafter seems to be the method of choice

[gentoo-hardened] removing .text relocations from mplayer and xine-lib

2005-05-29 Thread René Rhéaume
Where is the patch that removes .text relocations from mplayer and xine-lib? Solar said on IRC that was one lying around somewhere. I searched on Gentoo Bugzilla and on the Web with Google and I did not find it. Why? This is what I get from /usr/bin/xine (part of xine-ui) This is xine (X11 gui) -

Re: [gentoo-hardened] removing .text relocations from mplayer and xine-lib

2005-05-29 Thread Ned Ludd
On Sun, 2005-05-29 at 11:27 -0400, René Rhéaume wrote: > Where is the patch that removes .text relocations from mplayer and > xine-lib? Solar said on IRC that was one lying around somewhere. I > searched on Gentoo Bugzilla and on the Web with Google and I did not > find it. I could not find where

Re: [gentoo-hardened] HOWTO: unhardened to hardened

2005-05-29 Thread Ned Ludd
On Sun, 2005-05-29 at 15:02 +0200, Tóth Attila wrote: > Beside modifying profile symlink you shouldn't need "pic" and "pie" flags > in your make.conf any more. You need USE=pic if you're going to use the hardened toolchain or you will be in a world of hurt. Take gzip for example. Without the pic u

[gentoo-hardened] NPTL safe with hardened?

2005-05-29 Thread Ed W
I am running a hardened kernel using the grsec stuff. Is it safe to recompile glibc with NPTL under hardened kernel? Everything is basically the standard unmasked stuff as available right now from portage. Any reasons not to change? Any issues during the upgrade that I might want to be aware

Re: [gentoo-hardened] NPTL safe with hardened?

2005-05-29 Thread Stephen Bennett
On Sun, 2005-05-29 at 20:08 +0100, Ed W wrote: > I am running a hardened kernel using the grsec stuff. Is it safe to > recompile glibc with NPTL under hardened kernel? Everything is > basically the standard unmasked stuff as available right now from portage Well, I'm using it currently on a ~x

[gentoo-hardened] Mono build failure

2005-05-29 Thread Chris S
Greetings, Has anyone been able to build *any* version of mono under hardened profile? I've been chasing the error for a while now (all portage versions 1.1.4/5/6/7 fail with same error). The error is: *code* /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.3-20050110/../../../../x86_64-pc-linux-gnu/bin

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Mike Edenfield
Chris S wrote: Greetings, Has anyone been able to build *any* version of mono under hardened profile? I've been chasing the error for a while now (all portage versions 1.1.4/5/6/7 fail with same error). I've never been able to get mono to build with the hardened kernel extensions active. T

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Chris S
Mike Edenfield wrote: I've never been able to get mono to build with the hardened kernel extensions active. The problem, as you might have already deduced, is that mono violates some of hardened's protection bits -- specifically, the mono runtime tries to execute data as code. Once mono's in

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Chris S
Chris S wrote: Thank you for your reply. This makes sense. I guess the problem is that I need to run .net as a service on an internet visible server. I do not however want to remove hardened just for the sake of .net support! Do you think it is possible to create an entirely separate chroot en

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Rumen Yotov
Chris S wrote: > Chris S wrote: > >> Thank you for your reply. This makes sense. I guess the problem is >> that I need to run .net as a service on an internet visible server. I >> do not however want to remove hardened just for the sake of .net >> support! >> Do you think it is possible to create

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Chris S
Rumen Yotov wrote: Hi, Beside grsec in hardened (grsec2&PaX) there is also the PaX-kernel-patch. If an app tries to exec data as code, then it's PaX thing. PaX refuses to run data as code (if configured). Check the logs to see why/who stops the program/s. HTH. Rumen Thank you, I will check t

Re: [gentoo-hardened] Mono build failure

2005-05-29 Thread Rumen Yotov
Chris S wrote: > Rumen Yotov wrote: > >> Hi, >> >> Beside grsec in hardened (grsec2&PaX) there is also the >> PaX-kernel-patch. >> If an app tries to exec data as code, then it's PaX thing. PaX refuses >> to run data as code (if configured). >> Check the logs to see why/who stops the program/s. >>