----- Original Message -----
From: "Robert Connolly" <[EMAIL PROTECTED]>
To: "Hardened LFS Development List" <[email protected]>
Sent: Tuesday, November 28, 2006 8:58 PM
Subject: Re: 2.4 branch

> With all the Grsecurity/PaX options enabled in the kernel, the only exploit
> not detected by Grsec, which is detected by SSP, is "return2libc". While this
> is fairly serious I don't think it's practical to add SSP to a gcc-3.4
> toolchain, for a release which is expected to be rock-solid. I've considered
> the alternative of using gcc-4.1.1 without mudflap and fortify_source to get
> SSP into the 2.4-branch, but gcc-4.1.1 can't build a linux-2.4 kernel, and
> can't build gcc-2.95.3, without tons of patches which would destabilize
> gcc-2.95.3. There are unfortunate compromises when making a stable release,
> and I think this is one of them.
> I hope to make up for this by using sound code in the base system, audited by
> the stricter gcc-4.1.1 (or even gcc-4.2) compiler warnings in unstable and
> merge the differences to the stable packages.

I have built a vanilla linux-2.4.34-pre6 with gcc (GCC) 4.1.1 (Gentoo 4.1.1-r1). Unfortunately it fails to boot because of a "FATAL: kernel too old" error. But this should only be because the appropriate --enable-kernel option was not used with glibc-2.4.

Gilles
