Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-24 Thread Francesco Riosa
[...] > > Well, in my opinion we could get rid of virtualbox anyway (p.mask it > everywhere), I think it has been tainted in the kernel as crap. > > please do the same for x11-drivers/nvidia-drivers and x11-drivers/ati-drivers

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-24 Thread Paweł Hajdan, Jr.
On 10/24/11 12:58 PM, Anthony G. Basile wrote:
> Well not totally on their own, they'd report it and we'd have to see
> what we want to do on an ad hoc basis.

Fair enough, that's why I suggested to make the hardened spec non-default, so that they have to switch it, and include the info in emerge -

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-24 Thread Anthony G. Basile
On 10/24/2011 02:58 AM, "Paweł Hajdan, Jr." wrote:
>
>> How would we say,
>> if you use gcc-config and choose gcc-4.5.1-hardened spec, mask
>> gdb-7.0*? I don't think it's impossible, but I'm not seeing how to
>> proceed right now.
> First, I'd like the hardened spec to be non-default, so that if t

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-23 Thread Paweł Hajdan, Jr.
On 10/23/11 9:47 PM, Anthony G. Basile wrote:
> So if you look in the hardened profiles, you'll see some things masked
> like net-im/skype because of the kernel, and some things masked like
> =sys-devel/gdb-7.0* because of the toolchain. If the hardened toolchain
> moves into mainstream, then we'l

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-23 Thread Anthony G. Basile
On 10/23/2011 03:20 PM, Alexandre Rostovtsev wrote:
> On Sun, Oct 23, 2011 at 3:03 PM, Anthony G. Basile
> wrote:
>> Where would the hardened profiles fit in this? This requires some
>> thought. Right now "hardened" means three choices: 1) hardened
>> toolchain, 2) hardened-sources kernel, 3)

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-23 Thread Alexandre Rostovtsev
On Sun, Oct 23, 2011 at 3:03 PM, Anthony G. Basile wrote:
> Where would the hardened profiles fit in this? This requires some
> thought. Right now "hardened" means three choices: 1) hardened
> toolchain, 2) hardened-sources kernel, 3) hardened profile. Some
> packages are masked or added to th

Re: [gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-23 Thread Anthony G. Basile
On 10/23/2011 02:00 PM, "Paweł Hajdan, Jr." wrote:
> Looks like the thread I started about moving more hardened features to
> default
>
> got a lot of positive feedback. Kernel hardening features are more
> problematic

[gentoo-dev] Building hardened gcc specs always, just not enabling them by default

2011-10-23 Thread Paweł Hajdan, Jr.
Looks like the thread I started about moving more hardened features to default got a lot of positive feedback. Kernel hardening features are more problematic, but hardening the toolchain seems to be within reach. I'd