On 02/05/2015 09:58 AM, Christian Rößner wrote:
>
> Sorry, if I correct you (hopefully I am right…)
>
> This is not a profile I showed, this is the gcc compiler. And it is from the
> hardened stage tar ball:
>
> stage3-amd64-hardened-20121210.tar.bz2 (I kept it since install in / ;-) )
>
> mak
I test with fedora19 and CentOS7, the "-fPIE" or "-fpie" option works
with fedora19 and CentOS7.
The "-PIE" or "-pie" option is not worked.
On 02/05/2015 09:57 AM, Wietse Venema wrote:
Viktor Dukhovni:
So we should perhaps just ignore the "pie" option with MacOS/X.
Have not tried Yosetime yet
On Thu, 5 Feb 2015 09:57:00 -0500 (EST), Wietse Venema stated:
> We can adopt the current "pie=yes" support into Postfix 3.0 with a
> note that this was tested on a few recent BSD and Linux distributions
> (it solves 90% of the problem). We can use the Postfix 3.1 cycle
> to make this idiot-proof
Christian Rößner skrev den 2015-02-05 15:58:
If I am wrong, please contact me offlist. Then I would have to do a
lot of work to correct this problem. Hopefully not. ;-)
emerge -pev @world | grep hardened | wc -l
euses hardened
eselect profile list
pick a number that contains hardened
eselec
Am 05.02.2015 um 15:58 schrieb Christian Rößner:
So at the moment I stay at my opinion that Postfix is running very stable wie
PIE ans SSP.
If I am wrong, please contact me offlist. Then I would have to do a lot of work
to correct this problem. Hopefully not. ;-)
postfix is running fine with
> Am 05.02.2015 um 13:20 schrieb Benny Pedersen :
>
> Christian Rößner skrev den 2015-02-05 12:07:
>
>> I am using Gentoo hardening:
>> rns root@mx ~ # gcc-config -l
>> [1] x86_64-pc-linux-gnu-4.8.3 *
>
> this is not hardened profile
Sorry, if I correct you (hopefully I am right…)
This is no
Viktor Dukhovni:
> So we should perhaps just ignore the "pie" option with MacOS/X.
> Have not tried Yosetime yet...
We can adopt the current "pie=yes" support into Postfix 3.0 with a
note that this was tested on a few recent BSD and Linux distributions
(it solves 90% of the problem). We can use t
Christian Rößner skrev den 2015-02-05 12:07:
I am using Gentoo hardening:
rns root@mx ~ # gcc-config -l
[1] x86_64-pc-linux-gnu-4.8.3 *
this is not hardened profile
[2] x86_64-pc-linux-gnu-4.8.3-hardenednopie
[3] x86_64-pc-linux-gnu-4.8.3-hardenednopiessp
[4] x86_64-pc-linux-gnu-4.8.3-h
> Am 05.02.2015 um 06:51 schrieb Viktor Dukhovni :
>
> On Thu, Feb 05, 2015 at 01:04:58AM +, Viktor Dukhovni wrote:
>
>> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
>>
>>> Very lighty-tested patch follows. No INSTALL documentation until
>>> this has been tested.
>>>
>>>
On Thu, Feb 05, 2015 at 01:04:58AM +, Viktor Dukhovni wrote:
> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
>
> > Very lighty-tested patch follows. No INSTALL documentation until
> > this has been tested.
> >
> > Usage: $ make makefiles pie=yes ...
>
> Works on NETBSD6, wi
On Wed, Feb 04, 2015 at 08:06:36PM -0500, Wietse Venema wrote:
> > Usage: $ make makefiles pie=yes ...
>
> How do we know this makes a meaningful difference?
>
> Postfix programs appear to behave as usual with Fedora Core 20 and
> FreeBSD 9.x. The "file" command reports the executables as "ELF
>
On 02/05/2015 02:06 PM, Wietse Venema wrote:
> How do we know this makes a meaningful difference?
>
> Postfix programs appear to behave as usual with Fedora Core 20 and
> FreeBSD 9.x. The "file" command reports the executables as "ELF
> 64-bit LSB shared object" instead of "ELF 64-bit LSB executab
Viktor Dukhovni:
> On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
>
> > Very lighty-tested patch follows. No INSTALL documentation until
> > this has been tested.
> >
> > Usage: $ make makefiles pie=yes ...
>
> Works on NETBSD6, with:
>
> pie=yes shared=yes dynamicmaps=yes
>
Wietse Venema:
> Wietse Venema:
> > Indeed. PIE support is a new feature. New features are not added
> > during the code freeze. You're welcome to back-port this new feature
> > once we have tested it in Postfix 3.1 with multiple build options
> > (shared/nonshared) and with multiple OS distributio
On Wed, Feb 04, 2015 at 01:12:16PM -0500, Wietse Venema wrote:
> Very lighty-tested patch follows. No INSTALL documentation until
> this has been tested.
>
> Usage: $ make makefiles pie=yes ...
Works on NETBSD6, with:
pie=yes shared=yes dynamicmaps=yes
pie=yes shared=no dynamicmaps=no
Wietse Venema:
> Indeed. PIE support is a new feature. New features are not added
> during the code freeze. You're welcome to back-port this new feature
> once we have tested it in Postfix 3.1 with multiple build options
> (shared/nonshared) and with multiple OS distributions. This does
> not appea
16 matches
Mail list logo
