[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hardened toolchain
From: |
Maxim Cournoyer |
Subject: |
Re: Hardened toolchain |
Date: |
Sun, 27 Mar 2022 23:17:52 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Maxime Devos <maximedevos@telenet.be> writes:
> zimoun schreef op ma 21-03-2022 om 14:34 [+0100]:
>> > * gcc can be compiled with `--enable-default-ssp --enable-default-
>> > pie`
>> > to enforce ssp and pic
>>
>> You wrote [1]:
>>
>> --8<---------------cut here---------------start------------->8---
>> (define-public gcc
>> (package
>> (inherit gcc)
>> (arguments
>> (substitute-keyword-arguments (package-arguments gcc)
>> ((#:configure-flags flags
>> `(append (list "--enable-default-ssp" "--enable-default-pie")
>> ,flags)))))))
>> --8<---------------cut here---------------end--------------->8---
>
> I think it would be a lot simpler to just add this to the 'standard'
> gcc configure flags, in (gnu packages gcc), given that probably the
> idea is to do this hardening for all packages? Needs a world-rebuild
> though.
+1. The whole distribution can probably benefit from this hardening.
Maxim
- Hardened toolchain, kiasoc5, 2022/03/21
- Hardened toolchain, zimoun, 2022/03/21
- Message not available
- Re: Hardened toolchain, zimoun, 2022/03/22
- Re: Hardened toolchain, kiasoc5, 2022/03/22
- Re: Hardened toolchain, kiasoc5, 2022/03/25
- Re: Hardened toolchain, zimoun, 2022/03/25
- Re: Hardened toolchain, kiasoc5, 2022/03/26
- Re: Hardened toolchain, kiasoc5, 2022/03/26
- Re: Hardened toolchain, zimoun, 2022/03/27
Re: Hardened toolchain, Maxime Devos, 2022/03/27