ssp patches for 3.5?
rogelio at smsglobal.net
Fri Apr 9 18:04:44 PDT 2004
On 2004-04-10 00:48:15 +0800 Zack Winkles
<winkie at linuxfromscratch.org> wrote:
> On Fri, Apr 09, 2004 at 11:16:19PM +0800, Rogelio Serrano
>> are there ssp patches for gcc-3.5? i can just go ahead and
>> use 3.3 patches
>> on 3.5 and try to make it work but i dont know somebody has
>> done this
> FYI, 3.5 is a horribly broken piece of crap. Are you
> absolutely sure
> you don't mean 3.4? 3.5 is currently in a holding pattern
> waiting for
> a merge with tree-ssa, which will be very soon. That holding
> seems to be mean that when things break, they don't fix it.
> Fair warning, but it's your choice...
I have both on my system actually. But i used 3.5 to build the
binutils, gcc, uClibc and kernel. I can wait for the merge. It
will still be a couple of months before i go into production
anyway. I will just rebuild averything when the new stuff comes
out. I have done 9 times this holiday already. First with pax
and selinux then without etc etc... Now i have pax with
selinux. Paxtest is failing the 4 buff overflow tests.
There are a lot of things for me to engineer. Are the tree-ssa
stuff going to hit the ssp stuff? I can work on ssp after the
merge if that is the case. I have to costumise the policy and
audit the boot scripts and everything it touches in the
meantime. Maybe im going to rewrite simpleinit since its doing
so many insecure accesses.
Is it important to do chapter 5 in enforcing mode? Well my goal
now is to run the kernel in enfrocing mode only.
More information about the hlfs-dev