| View previous topic :: View next topic |
| Author |
Message |
ScOut3R
Tux's lil' helper
Joined: 29 Apr 2005
Posts: 116
Location: Australia
|
 Posted: Fri Jun 22, 2007 1:06 pm Post subject: Non-hardened to hardened |
 |
|
Hey There!
I have a "non-hardened" Gentoo server. I know it's not a good idea, but when i had to install it i didn't have time to make a stage 1 bootstrap. So, not long ago glibc-2.5 became stable in the hardened profile and i'm thinking about recompile the whole system to become hardened. These are the steps which i think necessary: first of all a change de profile to hardened, than i compile glibc-2.5 with gcc 4.1.2 (this is the actual compiler), then i compile 3.4.6 gcc, then i compile glibc-2.5 again but now with gcc 3.4.6, then again i recompile gcc 3.4.6, and after this a recompile world, and last i remoce gcc 4.1.2.
I'd like to ask you that will this work or should i use another way? |
|
| Back to top |
|
 |
Abraxas
l33t
Joined: 25 May 2003
Posts: 814
|
| Posted: Fri Jun 22, 2007 2:45 pm Post subject: |
|
|
| I would think that you only have to emerge the vanilla versions of gcc-4.1.2 and glibc-2.5 and then recompile the hardened versions. Then recompile world. It looks like gcc is stuck on 3.4.6 for the hardened profile but you should be using kevquinn's pieworld overlay for gcc if you want a fully hardened gcc-4.1.2/glibc-2.5 system. I am running it on x86_64 right now. |
|
| Back to top |
|
|
ScOut3R
Tux's lil' helper
Joined: 29 Apr 2005
Posts: 116
Location: Australia
|
| Posted: Sun Jun 24, 2007 1:22 pm Post subject: |
|
|
| Abraxas wrote: | | I would think that you only have to emerge the vanilla versions of gcc-4.1.2 and glibc-2.5 and then recompile the hardened versions. Then recompile world. It looks like gcc is stuck on 3.4.6 for the hardened profile but you should be using kevquinn's pieworld overlay for gcc if you want a fully hardened gcc-4.1.2/glibc-2.5 system. I am running it on x86_64 right now. |
I'm okay with the 3.4.6 version. I just asked because I don't want to break my system with this change. So I'm still interested if this way will work or not. |
|
| Back to top |
|
|
ScOut3R
Tux's lil' helper
Joined: 29 Apr 2005
Posts: 116
Location: Australia
|
| Posted: Wed Jun 27, 2007 1:11 pm Post subject: |
|
|
| UP! |
|
| Back to top |
|
|
Abraxas
l33t
Joined: 25 May 2003
Posts: 814
|
| Posted: Fri Jun 29, 2007 9:52 pm Post subject: |
|
|
| ScOut3R wrote: | | Abraxas wrote: | | I would think that you only have to emerge the vanilla versions of gcc-4.1.2 and glibc-2.5 and then recompile the hardened versions. Then recompile world. It looks like gcc is stuck on 3.4.6 for the hardened profile but you should be using kevquinn's pieworld overlay for gcc if you want a fully hardened gcc-4.1.2/glibc-2.5 system. I am running it on x86_64 right now. |
I'm okay with the 3.4.6 version. I just asked because I don't want to break my system with this change. So I'm still interested if this way will work or not. |
I don't think gcc-3 is going to work with glibc-2.5 if you want to use SSP, which is a part of the hardened profile. SSP is different in gcc-4 and not compatible with earlier versions. It will only work if Gentoo has backported the current SSP to gcc-3 or has support for the old SSP in the new gcc, which is not standard. I heard rumblings of this not to long ago but I'm not sure if either of these solutions are a part of the stable tree. |
|
| Back to top |
|
|
|
Networking & Security
