ssp patches for 3.5?

Rogelio Serrano rogelio at smsglobal.net
Fri Apr 9 18:04:44 PDT 2004


On 2004-04-10 00:48:15 +0800 Zack Winkles <winkie at linuxfromscratch.org> wrote:

> On Fri, Apr 09, 2004 at 11:16:19PM +0800, Rogelio Serrano wrote:
>> Are there ssp patches for gcc-3.5? I can just go ahead and use 3.3 patches
>> on 3.5 and try to make it work but I don't know if somebody has done this
>> already.
>
> FYI, 3.5 is a horribly broken piece of crap.  Are you absolutely sure
> you don't mean 3.4?  3.5 is currently in a holding pattern waiting for
> a merge with tree-ssa, which will be very soon.  That holding pattern
> seems to mean that when things break, they don't fix it.
>
> Fair warning, but it's your choice...
> 

I have both on my system actually. But I used 3.5 to build the
binutils, gcc, uClibc and kernel. I can wait for the merge. It
will still be a couple of months before I go into production
anyway. I will just rebuild everything when the new stuff comes
out. I have done it 9 times this holiday already. First with pax
and selinux then without etc etc... Now I have pax with
selinux. Paxtest is failing the 4 buff overflow tests.

There are a lot of things for me to engineer. Is the tree-ssa
stuff going to hit the ssp stuff? I can work on ssp after the
merge if that is the case. I have to customise the policy and
audit the boot scripts and everything it touches in the
meantime. Maybe I'm going to rewrite simpleinit since it's doing
so many insecure accesses.

Is it important to do chapter 5 in enforcing mode? Well, my goal
now is to run the kernel in enforcing mode only.



