gcc specs (and weekend update)
robert at linuxfromscratch.org
Sun Aug 13 04:01:05 PDT 2006
Lots of new stuff this weekend.

The majority of the Glibc tests should pass now. ld -pie is the only option
left causing test failures, and hopefully that will be fixed by
adding -no-pie to select places.

I started adding colors based on feature, so like ssp commands and
descriptions are in red, pax patches/commands are in dark blue, pic/pie for
aslr is in light blue because it's somewhat related to pax. I want to add
more for fortify_source, blowfish, etc etc. Required stuff is normal black. I
don't think it looks too lame. I'm hoping it will help us not use some
features while using others... if you don't want to use blowfish then ignore

I found the -z lazy patch from binutils-cvs and added it. -z lazy is the
default behavior of ld, -z now is the counterpart. It was not completely
necessary, but since it is in upstream I figured why not. -no commands are a
bit better documented in the book now too. -nonow is the only flag in the gcc
specs which is not legitimate to gcc-vanilla/ld-vanilla. I couldn't use -lazy
because -l is a linking option... it tries to find a library named azy.so.

Added a program to test fortify_source against a strcpy() overflow,
and -fstack-protector-all can be tested against the same program.

I'm planning to add the strlcpy-strlcat glibc patch from Owl and see how it
fares against the strcpy() overflow program. I'm quite sure strlcpy()
performs much better than __strcpy_chk() and is probably just as safe. I'm
also planning to add the gzip patch to use mktemp, which also means moving
mktemp to /bin. The Owl sanitize-environment/enable-secure, for Glibc and
Ncurses, look like a good deal too. And of course the blowfish library, again
from Owl. I ported the formatguard Immunix patch to glibc-2.4 but have yet to
get it to work.

The changelog has more details.
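
A probe of the kind the message mentions, as an added example that is not the program from the book or from the author: it runs a strcpy() into an 8-byte stack buffer in a child process and reports whether the build's hardening stopped it. All names here (`probe`, `copy_to_small_buf`, the outcome labels) are hypothetical.

```c
/* Added example; names are hypothetical and not taken from the HLFS book. */
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { SURVIVED, ABORTED, CRASHED, PROBE_ERROR };

/* noinline keeps the copy in its own stack frame, so a stack canary
 * (if the build has one) is checked when this function returns. */
__attribute__((noinline)) static void copy_to_small_buf(const char *src)
{
    char buf[8];
    strcpy(buf, src);   /* __strcpy_chk() under -O2 -D_FORTIFY_SOURCE=2 */
    __asm__ volatile("" : : "r"(buf) : "memory");  /* keep the copy live */
}

/* Copy a len-byte string in a child process and classify how it ended. */
enum outcome probe(size_t len)
{
    char src[128];
    int status;
    pid_t pid;

    if (len >= sizeof src)
        return PROBE_ERROR;
    memset(src, 'A', len);
    src[len] = '\0';

    pid = fork();
    if (pid < 0)
        return PROBE_ERROR;
    if (pid == 0) {
        copy_to_small_buf(src);
        _exit(0);                       /* reached only if nothing fired */
    }
    if (waitpid(pid, &status, 0) < 0)
        return PROBE_ERROR;
    if (WIFEXITED(status))
        return SURVIVED;
    return WTERMSIG(status) == SIGABRT ? ABORTED : CRASHED;
}

int main(void)
{
    static const char *name[] = { "survived", "aborted", "crashed", "error" };
    printf("7 bytes:  %s\n", name[probe(7)]);   /* fits, NUL included */
    printf("64 bytes: %s\n", name[probe(64)]);  /* aborted = overflow detected */
    return 0;
}
```

Building it once with `-O2 -D_FORTIFY_SOURCE=2` and once with `-fstack-protector-all` exercises each feature separately; "aborted" for the 64-byte case means the check fired, while "crashed" or "survived" means that build did not catch the overflow.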