2.4 branch

Gilles Espinasse g.esp at free.fr
Sat Dec 2 12:49:40 PST 2006


----- Original Message ----- 
From: "Robert Connolly" <robert at linuxfromscratch.org>
To: "Hardened LFS Development List" <hlfs-dev at linuxfromscratch.org>
Sent: Tuesday, November 28, 2006 8:58 PM
Subject: Re: 2.4 branch


> With all the Grsecurity/PaX options enabled in the kernel, the only exploit
> not detected by Grsec, which is detected by SSP, is "return2libc". While this
> is fairly serious I don't think it's practical to add SSP to a gcc-3.4
> toolchain, for a release which is expected to be rock-solid. I've considered
> the alternative of using gcc-4.1.1 without mudflap and fortify_source to get
> SSP into the 2.4-branch, but gcc-4.1.1 can't build a linux-2.4 kernel, and
> can't build gcc-2.95.3, without tons of patches which would destabilize
> gcc-2.95.3. There are unfortunate compromises when making a stable release,
> and I think this is one of them.
> I hope to make up for this by using sound code in the base system, audited by
> the stricter gcc-4.1.1 (or even gcc-4.2) compiler warnings in unstable and
> merge the differences to the stable packages.

I have built a vanilla linux-2.4.34-pre6 with gcc (GCC) 4.1.1 (Gentoo
4.1.1-r1).
Unfortunately it fails to boot because of a "FATAL: kernel too old" error.
But this should only be because the appropriate --enable-kernel option
was not used with glibc-2.4.

Gilles



