[gentoo-commits] repo/gentoo:master commit in: profiles/hardened/linux/musl/, profiles/hardened/linux/uclibc/

Anthony G. Basile Tue, 12 Dec 2017 18:32:16 -0800

commit:     b25ba8190376bf5649c79c6e0ca909c0107b6623
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 13 02:31:22 2017 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Dec 13 02:31:22 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b25ba819


profiles: force pie, ssp and -pch on hardened/linux/{uclibc,musl}

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 profiles/hardened/linux/musl/use.force   |  4 ++++
 profiles/hardened/linux/musl/use.mask    |  9 +++++++++
 profiles/hardened/linux/uclibc/use.force |  8 ++++++++
 profiles/hardened/linux/uclibc/use.mask  | 15 ++++++++++++++-
 4 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/profiles/hardened/linux/musl/use.force 
b/profiles/hardened/linux/musl/use.force
index 79e5575d13c..e2d7cf05ec5 100644
--- a/profiles/hardened/linux/musl/use.force
+++ b/profiles/hardened/linux/musl/use.force
@@ -2,3 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 
 elibc_musl
+
+# Make sure people don't accidentally turn of ssp/pie in important packages.
+pie
+ssp

diff --git a/profiles/hardened/linux/musl/use.mask 
b/profiles/hardened/linux/musl/use.mask
index 190b01bbbe9..b851b043ca0 100644
--- a/profiles/hardened/linux/musl/use.mask
+++ b/profiles/hardened/linux/musl/use.mask
@@ -6,3 +6,12 @@ elibc_uclibc
 elibc_glibc
 
 -hardened
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# prelink is masked for hardened
+prelink
+
+# profile are incompatible when linking with pie
+profile

diff --git a/profiles/hardened/linux/uclibc/use.force 
b/profiles/hardened/linux/uclibc/use.force
new file mode 100644
index 00000000000..b0ea1237d5a
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/use.force
@@ -0,0 +1,8 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+elibc_uclibc
+
+# Make sure people don't accidentally turn of ssp/pie in important packages.
+pie
+ssp

diff --git a/profiles/hardened/linux/uclibc/use.mask 
b/profiles/hardened/linux/uclibc/use.mask
index 3d0c2a2a416..174226cb64e 100644
--- a/profiles/hardened/linux/uclibc/use.mask
+++ b/profiles/hardened/linux/uclibc/use.mask
@@ -1,4 +1,17 @@
-# Copyright 1999-2014 Gentoo Foundation.
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
+-elibc_uclibc
+elibc_musl
+elibc_glibc
+
 -hardened
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# prelink is masked for hardened
+prelink
+
+# profile are incompatible when linking with pie
+profile

[gentoo-commits] repo/gentoo:master commit in: profiles/hardened/linux/musl/, profiles/hardened/linux/uclibc/

Reply via email to