Re: Hardened toolchain
From: kiasoc5
Subject: Re: Hardened toolchain
Date: Tue, 29 Mar 2022 02:02:20 +0200 (CEST)
Yes, it would be easier to add the hardening flags to gcc directly; I just
wasn't sure whether the maintainers would be open to the idea.
Since the default gcc toolchain version is still on gcc 10, the hardening flags
could be added to gcc 11. Then the upgrade from gcc toolchain 10 to 11 can
benefit from the hardening flags, and "only" 1 world rebuild is needed.
Mar 28, 2022, 03:17 by maxim.cournoyer@gmail.com:
> Hi,
>
> Maxime Devos <maximedevos@telenet.be> writes:
>
>> zimoun schreef op ma 21-03-2022 om 14:34 [+0100]:
>>
>>> > * gcc can be compiled with `--enable-default-ssp --enable-default-pie`
>>> >   to enforce ssp and pic
>>>
>>> You wrote [1]:
>>>
>>> --8<---------------cut here---------------start------------->8---
>>> (define-public gcc
>>>   (package
>>>     (inherit gcc)
>>>     (arguments
>>>      (substitute-keyword-arguments (package-arguments gcc)
>>>        ((#:configure-flags flags)
>>>         `(append (list "--enable-default-ssp" "--enable-default-pie")
>>>                  ,flags))))))
>>> --8<---------------cut here---------------end--------------->8---
>>>
>>
>> I think it would be a lot simpler to just add this to the 'standard'
>> gcc configure flags, in (gnu packages gcc), given that probably the
>> idea is to do this hardening for all packages? Needs a world-rebuild
>> though.
>>
>
> +1. The whole distribution can probably benefit from this hardening.
>
> Maxim
>
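
Added example, not part of the original message or of Guix: a small Python check that a binary produced by a gcc configured with `--enable-default-ssp --enable-default-pie` really came out as a PIE and references the stack-protector failure handler. The names `check_hardening` and `make_elf` and the sample ELF bytes are constructed for illustration, and both tests are heuristics.

```python
import struct
import sys

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3

def check_hardening(data: bytes) -> dict:
    """Heuristic PIE / stack-protector report for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled in this example")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from("<I", data, off)
        has_interp = has_interp or p_type == PT_INTERP
    return {
        # -pie output is ET_DYN; PT_INTERP separates it from most shared objects.
        "pie": e_type == ET_DYN and has_interp,
        # Instrumented functions call __stack_chk_fail; code with no such
        # functions legitimately lacks the reference even with SSP enabled.
        "ssp": b"__stack_chk_fail" in data,
    }

def make_elf(e_type: int, with_canary: bool) -> bytes:
    """Constructed sample: ELF64 header, one PT_INTERP entry, a tiny string table."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1)
    strtab = b"\0__stack_chk_fail\0" if with_canary else b"\0puts\0"
    return header + phdr + strtab

if __name__ == "__main__":
    # Usage: python check_hardening.py /path/to/binary ...
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_hardening(f.read()))
```

Statically linked PIE binaries carry no `PT_INTERP` and will be reported as non-PIE by this heuristic, so treat a negative result as a prompt to inspect the file rather than as proof.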