On 15:09 Sat 03 Dec , Peper wrote: > > Hi, > > From this it seems you're using a hardened GCC (the vanilla is the one wo > > any patches). But to really use it you must be using also a hardened > > profile or (by memory) have "hardened pie" in your USE-flags to get a > > hardened binary (check hardened project). HTH.Rumen > > So there is no way to distcc use not hardened version while system is set to > use hardened version(with proper USE flasgs etc.)? > > -- > Best Regards, > Peper > -- > [email protected] mailing list > Hi, No one that i've heard of. Maybe you could just switch to a vanilla gcc-profile and later restore the hardened one (i've done that with some hardened bugs), but that's a lot of manual work as only you will know when you need to do it. And there are at least three additional patches (flags) for a hardened gcc - SSP, PIC and PIE. Another layer is the PaX patch to binutils (header marking) and some grsecurity patches which i think don't affect binaries generation. Both RSBAC & SELinux also use the hardened-GCC plus their own MAC tools in place of grsec's MAC. Think most of this is true but better post to gentoo-hardened ML too. HTH.Rumen -- [email protected] mailing list
