Re: Hardened toolchain
From: Maxime Devos
Subject: Re: Hardened toolchain
Date: Sun, 27 Mar 2022 22:22:20 +0200
User-agent: Evolution 3.38.3-1
zimoun wrote on Mon 21-03-2022 at 14:34 [+0100]:
> > * gcc can be compiled with `--enable-default-ssp --enable-default-pie`
> >   to enforce ssp and pic
>
> You wrote [1]:
>
> --8<---------------cut here---------------start------------->8---
> (define-public gcc
>   (package
>     (inherit gcc)
>     (arguments
>      (substitute-keyword-arguments (package-arguments gcc)
>        ((#:configure-flags flags
>          `(append (list "--enable-default-ssp" "--enable-default-pie")
>                   ,flags)))))))
> --8<---------------cut here---------------end--------------->8---
I think it would be a lot simpler to just add this to the 'standard'
gcc configure flags, in (gnu packages gcc), given that probably the
idea is to do this hardening for all packages? Needs a world-rebuild
though.

Alternatively, the ssp and other hardening flags can be set in CFLAGS
for individual packages, maybe by default in 'gnu-build-system' and the
like.

Alternatively, you could look into how "--with-c-toolchain" does
things.

Greetings,
Maxime.
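Whichever route is taken (configure flags, CFLAGS in the build system, or a toolchain swap), the result can be checked on the built binaries. The following is an added example, not part of the original message or of Guix: a heuristic PIE/SSP audit of an ELF64 image. The names audit_elf and make_sample are hypothetical, and the sample ELF image is constructed inline.

```python
import struct

ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2
DT_FLAGS_1, DF_1_PIE = 0x6FFFFFFB, 0x08000000

def audit_elf(data: bytes) -> dict:
    """Heuristic PIE/SSP report for a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    flags_1 = 0
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", data, ph)
        if p_type != PT_DYNAMIC:
            continue
        (p_offset,) = struct.unpack_from("<Q", data, ph + 8)
        (p_filesz,) = struct.unpack_from("<Q", data, ph + 32)
        # Walk the Elf64_Dyn entries (tag, value) until DT_NULL.
        for d in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", data, d)
            if tag == 0:
                break
            if tag == DT_FLAGS_1:
                flags_1 = val
    if e_type == ET_EXEC:
        pie = "no"
    elif e_type == ET_DYN:
        # "dyn": shared object, or a PIE linked without the DF_1_PIE flag.
        pie = "yes" if flags_1 & DF_1_PIE else "dyn"
    else:
        pie = "n/a"
    # Protected functions call __stack_chk_fail, so its name appears in the
    # symbol strings. Absence is not proof: a binary may have no eligible
    # functions, or be static and stripped.
    return {"pie": pie, "ssp": b"__stack_chk_fail" in data}

def make_sample(e_type: int, flags_1: int, ssp: bool) -> bytes:
    """Constructed minimal image: ELF header, one PT_DYNAMIC phdr, dynamic section."""
    dyn = struct.pack("<qQ", DT_FLAGS_1, flags_1) + struct.pack("<qQ", 0, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn + (b"__stack_chk_fail\0" if ssp else b"")
```

On real files, pass the bytes read from each executable in a package's output; a "no" for pie or a False for ssp marks a binary to inspect further rather than a definite finding.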