[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] Confusing documentation
From:       Adam Mondl <tocharian () trilug ! org>
Date:       2004-11-30 14:09:55
Message-ID: 1101823795.7513.2.camel () tuxracer
[Download RAW message or body]


On Tue, 2004-11-30 at 13:12 +0000, David Cannings wrote: 
> The page at http://www.gentoo.org/proj/en/hardened/propolice.xml
> suggests the following regarding SSP:
> 
> "If you would the protection on by default add -fstack-protector to your
> CFLAGS in /etc/make.conf."
> 
> However, this is contradicted by other pages on the hardened project
> website which say USE="hardened" is the correct way.  Obviously
> USE="hardened" is correct (as it implies -fstack-protector-all), but the
> above could confuse people.
> 
> I arrived at that page from the grsecurity/PaX documentation at
> http://www.gentoo.org/proj/en/hardened/grsecurity2.xml, I can't see it
> linked elsewhere but I haven't looked exhaustively.
> 
> The rest of the documentation is great, it seems the Gentoo documents
> cover more than the grsecurity ones in some aspects.  I've now got a
> kernel with PaX/grsecurity and I'm just rebuilding world to get SSP.

Unfortunately that propolice document is outdated in several aspects and
shouldn't be linked by any current documents so thanks for pointing this
out.  I am in the process of writing a more complete and up-to-date SSP
guide that will replace that guide in the future.

For now the most up-to-date explanation regarding turning on SSP
building is probably in the Hardened FAQ:

http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedcflags

-- 
Adam Mondl <tocharian@trilug.org>

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]