Each one is gcc compiled with a different file. [1] gives you ssp, pie
and -D_FORTIFY_SOURCES=2. [2] removes pie from that list, [3] removes
pie and ssp from that list, [4] removes just ssp and [5] is as it says,
vanilla.
If you want a hardened toolchain, switch to [1]. Recompile your
toolchain (gcc, glibc, binutils), then recompile system then recompile
world. You can, if you are brave and know what you're doing, just
recompile world rather than system, then world.
You can switch between specs using gcc-config. You shouldn't have to.
Any package with a decent build system can have pie, say, turned off by
passing -nopie in CFLAGS.

On 03/13/2012 04:37 AM, Michele wrote:
So, what does it change for me practically speaking?
Can I always use gcc as usual? Can I compile and link as always or do
I get any performance hit in my generated binaries? Do I get different
gcc versions and have to select one through eselect?
mic

On 13/03/2012 9:03, Steven Cristian wrote:
Once you use the 'hardened' flag on sys-devel/gcc and base-gcc it shows
this :
blacknoxis SpecialPackages # gcc-config -l
[1] x86_64-pc-linux-gnu-4.6.2 *
[2] x86_64-pc-linux-gnu-4.6.2-hardenednopie
[3] x86_64-pc-linux-gnu-4.6.2-hardenednopiessp
[4] x86_64-pc-linux-gnu-4.6.2-hardenednossp
[5] x86_64-pc-linux-gnu-4.6.2-vanilla
You can choose then.
> Date: Tue, 13 Mar 2012 08:46:56 +0100
> From: [email protected]
> To: [email protected]
> Subject: Re: [sabayon-dev] Sabayon Hardening: Proposed Roadmap
>
> I agree with you that we should introduce hardened features one by one
> and the proposed roadmap does make sense.
> Does the hardened version of GCC show up as a different gcc-config
> profile? Or does it replace the non-hardened profile in the same
> sys-devel/gcc slot?
>
> Cheers,
> --
> Fabio Erculiani
>
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : [email protected]
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
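
Added example, not part of the original thread or of any Gentoo/Sabayon tooling: a small Python check that a binary built under a given gcc-config profile carries the traces of SSP, PIE and source fortification that the reply above attributes to that profile. The function names, the symbol-name heuristic, the constructed sample images and the reading of "vanilla" as "none of the three" are assumptions of this example.

```python
import struct

ET_DYN = 3  # e_type of position-independent executables (and shared objects)

# gcc-config profile suffix -> features, as listed in the reply above.
# "vanilla" meaning none of the three is an assumption of this example.
PROFILES = {
    "": {"pie", "ssp", "fortify"},
    "hardenednopie": {"ssp", "fortify"},
    "hardenednopiessp": {"fortify"},
    "hardenednossp": {"pie", "fortify"},
    "vanilla": set(),
}

def hardening_report(elf: bytes) -> set:
    """Return which of pie/ssp/fortify left a visible trace in an ELF image."""
    if len(elf) < 18 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if elf[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(endian + "H", elf, 16)
    # Heuristic: treat every NUL-delimited run as a possible symbol name.
    names = set(elf.split(b"\0"))
    found = set()
    if e_type == ET_DYN:
        found.add("pie")
    if names & {b"__stack_chk_fail", b"__stack_chk_fail_local"}:
        found.add("ssp")
    if any(n.startswith(b"__") and n.endswith(b"_chk") for n in names):
        found.add("fortify")
    return found

def missing(profile: str, elf: bytes) -> list:
    """Features the profile should add that are not visible in the binary."""
    return sorted(PROFILES[profile] - hardening_report(elf))

def sample_elf(e_type: int, symbols: list) -> bytes:
    """Constructed sample: 64-byte ELF64 little-endian header plus a string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HH", e_type, 62) + bytes(44)
    return header + b"\0" + b"".join(s + b"\0" for s in symbols)

if __name__ == "__main__":
    hardened = sample_elf(3, [b"__stack_chk_fail", b"__memcpy_chk", b"puts"])
    plain = sample_elf(2, [b"memcpy", b"puts"])
    print(missing("", hardened))
    print(missing("", plain))
```

ET_DYN also marks shared libraries, and a program with no stack buffers or no fortifiable calls legitimately shows no SSP or fortify symbols, so a missing trace is a prompt to check the build flags rather than proof of a wrong profile.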