toolchain stuff

Robert Connolly robert at linuxfromscratch.org
Wed Jun 6 23:29:19 PDT 2007


Dropping -fpic isn't working out. There are too many static convenience libs 
that get linked into programs.

The new gcc specs patch should be ready today or tommorrow. It's much more 
configurable, and there may be parts that some of you may not want... like 
changes to libmudflap so it just kills programs instead of giving debugging 
info. By default, without adding definitions to the headers, the patch will 
change nothing.

I added mkstemps to the arc4random glibc patch, so libiberty and others can 
use this libc version instead. I just copied mkstemps.c from gcc, and 
replaced gettimeofday() with arc4random(). There's a bit of duplicate code 
with the other mktemp stuff in glibc, but it's probably less than 1kb 
compiled so it's no big deal. This way the mktemp family in glibc doesn't 
need to be completely rewritten to support mkstemps().

Glibc-2.6 and GCC-4.2 are out, but I'd like to keep Glibc-2.5 and gcc-4.1.x. 
Neither of the new packages have added any significant hardening changes, and 
they're both going to take 6-12 months to stabilize with other packages.

It looks like the only way to get Glibc-2.6 working with Linux-2.4 is to 
disable threading. I don't think this is such a big problem. Linux-2.4 would 
be used mainly for network servers, and those daemons generally don't link to 
libpthread. Also, the pth gnu package can be used as a threading library.

While reading changes to Glibc-2.6, I discovered the strfry() function, and 
it's another place arc4random() can be used. strfry() is a glibc specific 
function that returns a randomized string. I'm not sure what uses it, but 
it's another function that uses gettimeofday() for entropy.

I finally added frandom back to the book earlier today. I talked to the 
Fortuna developer about adding frandom to his patch, but it looks like his 
opinion is to use /dev/urandom (his version) for everything and forget 
everything else.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20070607/3e13b6ba/attachment.sig>


More information about the hlfs-dev mailing list