gcc specs (and weekend update)

Robert Connolly robert at linuxfromscratch.org
Sun Aug 13 04:01:05 PDT 2006


Lots of new stuff this weekend. 

The majority of the Glibc tests should pass now. ld -pie is the only option 
left causing test failures, and hopefully that will be fixed by 
adding -no-pie to select places.

I started adding colors based on feature, so like ssp commands and 
descriptions are in red, pax patches/commands are in dark blue, pic/pie for 
aslr is in light blue because it's somewhat related to pax. I want to add 
more for fortify_source, blowfish, etc etc. Required stuff is normal black. I 
don't think it looks too lame. I'm hoping it will help us not use some 
features while using others... if you don't want to use blowfish then ignore 
its color.

I found the -z lazy patch from binutils-cvs and added it. -z lazy is the 
default behavior of ld, -z now is the counterpart. It was not completely 
necessary, but since it is in upstream I figured why not. -no commands are a 
bit better documented in the book now too. -nonow is the only flag in the gcc 
specs which is not legitimate to gcc-vanilla/ld-vanilla. I couldn't use -lazy 
because -l is a linking option... it tries to find a library named azy.so.

Added a program to test fortify_source against a strcpy() overflow, 
and -fstack-protector-all can be tested against the same program.

I'm planning to add the strlcpy-strlcat glibc patch from Owl and see how it 
fares against the strcpy() overflow program. I'm quite sure strlcpy() 
performs much better than __strcpy_chk() and is probably just as safe. I'm 
also planning to add the gzip patch to use mktemp, which also means moving 
mktemp to /bin. The Owl sanitize-environment/enable-secure, for Glibc and 
Ncurses, look like a good deal too. And of course the blowfish library, again 
from Owl. I ported the formatguard Immunix patch to glibc-2.4 but have yet to 
get it to work.

The changelog has more details.

robert
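
The kind of fortify_source check mentioned above, as an added example that is not part of the original post and is not the test program from the HLFS book: it sends a copy into an 8-byte stack buffer through glibc's `__strcpy_chk()` in a child process and reports whether the child was aborted. The names `checked_copy` and `run_copy`, the buffer size and the sample strings are assumptions made for illustration; it assumes gcc (or clang) and glibc.

```c
/* Added example: observe how glibc's fortified strcpy() reacts to an
 * oversized source string. All names here are constructed for illustration. */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEST_SIZE 8

/* Copy src into an 8-byte stack buffer through the checked entry point.
 * gcc emits this same __strcpy_chk() call for a plain strcpy() when built
 * with -O2 -D_FORTIFY_SOURCE=2 and the destination size is known; passing
 * the size explicitly makes the check independent of build flags. */
static int checked_copy(const char *src)
{
    char buf[DEST_SIZE];
    const char *volatile p = src;   /* keep the compiler from folding the copy */

    __builtin___strcpy_chk(buf, p, sizeof buf);
    return buf[0] == src[0] ? 0 : 1;
}

/* Run the copy in a child so an abort does not take the harness down.
 * Returns 0 if the copy completed, the signal number if the child was
 * killed (SIGABRT when the check fired), or -1 if fork/waitpid failed. */
int run_copy(const char *src)
{
    int status;
    pid_t pid;

    fflush(NULL);                   /* do not duplicate buffered output */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(checked_copy(src));
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("7 chars + NUL: %d\n", run_copy("1234567"));
    printf("8 chars + NUL: %d\n", run_copy("12345678"));
    return 0;
}
```

A string that fits with its terminator returns 0; one byte too many makes glibc abort the child instead of truncating or overflowing, so `run_copy` returns SIGABRT.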