>From [email protected] Thu Sep 15 16:03:31 2011
>Date: Thu, 15 Sep 2011 17:59:03 -0400
>Subject: Re: GCC 4.2.4?
>From: Jeffrey Walton <[email protected]>
>To: [email protected], Jeffrey Walton <[email protected]>, [email protected]
>List-ID: <misc.openbsd.org>
>
>On Thu, Sep 15, 2011 at 5:23 PM, Marc Espie <[email protected]> wrote:
>> On Thu, Sep 15, 2011 at 03:17:36PM -0400, Jeffrey Walton wrote:
>>> I'm interested in seeing if (1) patches have been applied to fix my
>>> template error problem
>>> (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21656); and (2) the
>>> compiler/linker is using hardened settings (I know 4.2.1 is not
>>> hardened out of the box).
>>
>> lol.
>>
>> 4.2.1 *in OpenBSD* is "hardened" more, and has been tested as a hardened
>> compiler for more time than gcc 4.2.4.
>I believe -z relro -z now are fairly standard for GOT and PLT attack
>remediations. I know some flavors of Linux include them in the spec
>file for a gcc:
>
> $ uname -a
> OpenBSD germain.home.pvt 4.9 GENERIC#671 i386
> $ /usr/local/bin/egcc -dumpspecs | grep -i relro
> $ /usr/local/bin/egcc -dumpspecs | grep -i wall
> $ /usr/local/bin/egcc -dumpspecs | grep -i wextra
> $ /usr/local/bin/egcc -dumpspecs | grep -i format
> $ /usr/local/bin/egcc -dumpspecs | grep -i security
> $
>
>Also, I was not sure about -Wformat=2 -Wformat-security. I guess it
>depends on what procedures are in place to enforce policy (or in
>OpenBSD's case, its position on security).
>
>> (unless you want to get f*d harder by the GPLv3, that is)
>I sometimes wonder about the whole free software, free beer thing. It's
>kind of like trying to figure out how US politicians claim to balance
>a budget, yet the US is trillions in debt.
>
>Jeff
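
The message above greps the compiler's spec file for `relro`. The same question can be asked of a linked binary, as in this added example, which is not part of the original message. The helper name `relro_status` is hypothetical and the readelf excerpts are constructed samples.

```sh
#!/bin/sh
# Added example: classify RELRO from `readelf -W -l -d <binary>` text on stdin.
#   none    = no GNU_RELRO segment (not linked with -z relro)
#   partial = GNU_RELRO present but binding is lazy, so .got.plt stays writable
#   full    = GNU_RELRO plus immediate binding (-z relro -z now)
# relro_status is a hypothetical helper name, not part of any toolchain.
relro_status() {
    awk '
        $1 == "GNU_RELRO"           { relro = 1 }
        # -z now is recorded as DT_BIND_NOW, as BIND_NOW in DT_FLAGS,
        # or as NOW in DT_FLAGS_1, depending on the linker.
        /\(BIND_NOW\)/              { now = 1 }
        /\(FLAGS\)/ && /BIND_NOW/   { now = 1 }
        /\(FLAGS_1\)/ && /NOW/      { now = 1 }
        END {
            if (!relro)   print "none"
            else if (now) print "full"
            else          print "partial"
        }'
}

# Constructed readelf excerpts (not captured from a real system).
SAMPLE_NONE='  LOAD           0x000000 0x08048000 0x08048000 0x005d4 0x005d4 R E 0x1000
  DYNAMIC        0x000f14 0x08049f14 0x08049f14 0x000e8 0x000e8 RW  0x4
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]'

SAMPLE_PARTIAL='  DYNAMIC        0x000f14 0x08049f14 0x08049f14 0x000e8 0x000e8 RW  0x4
  GNU_RELRO      0x000f08 0x08049f08 0x08049f08 0x000f8 0x000f8 R   0x1
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]'

SAMPLE_FULL='  GNU_RELRO      0x000ef0 0x08049ef0 0x08049ef0 0x00110 0x00110 R   0x1
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000001e (FLAGS)                      BIND_NOW
 0x6ffffffb (FLAGS_1)                    Flags: NOW'

for s in "$SAMPLE_NONE" "$SAMPLE_PARTIAL" "$SAMPLE_FULL"; do
    printf '%s\n' "$s" | relro_status
done
# On a real binary: readelf -W -l -d ./a.out | relro_status
```

A "partial" result means `-z relro` was applied without `-z now`, so the PLT's GOT entries are still resolved lazily and remain writable at run time.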