Re: [gentoo-dev] Hardening a default profile

2017-06-17 Thread Alexis Ballier
On Sat, 17 Jun 2017 14:43:24 +0300 Andrew Savchenko wrote: > On Thu, 15 Jun 2017 19:52:07 -0500 Matthias Maier wrote: > > > there should be a way of turning these off systematically. the > > > advantage of the current hardened gcc specs is that one can switch > > > between

Re: [gentoo-dev] Hardening a default profile

2017-06-17 Thread Andrew Savchenko
On Thu, 15 Jun 2017 19:52:07 -0500 Matthias Maier wrote: > > there should be a way of turning these off systematically. the > > advantage of the current hardened gcc specs is that one can switch > > between them using gcc-config. if these are forced on for the default > > profile then there will

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
> there should be a way of turning these off systematically. the > advantage of the current hardened gcc specs is that one can switch > between them using gcc-config. if these are forced on for the default > profile then there will be no easy way to systematically turn them off. No - there

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Anthony G. Basile
On 6/15/17 11:20 AM, Matthias Maier wrote: > Hi Michael, > > On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman > wrote: > >> So I was just wondering if ~arch is ready for more secure defaults on >> the 17.0 profiles in the linker flags. There are several >>

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
Hi Michael, On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman wrote: > So I was just wondering if ~arch is ready for more secure defaults on > the 17.0 profiles in the linker flags. There are several > distributions which ship RELRO by default and I am not

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Tiziano Müller
Hi Michael Am 11.06.2017 um 23:39 schrieb Michael Brinkman: > Hello, so I've been running Gentoo Hardened for a few years on my > laptop, my desktop, and a server made from an older desktop. > > Because of Grsecurity closing access to its source to non-subscribers, > I decided that I would just

[gentoo-dev] Hardening a default profile

2017-06-11 Thread Michael Brinkman
Hello, so I've been running Gentoo Hardened for a few years on my laptop, my desktop, and a server made from an older desktop. Because of Grsecurity closing access to its source to non-subscribers, I decided that I would just try to stick with Gentoo-sources and harden the default profile and