On Mon, Apr 16, 2018 at 07:53:07PM +0200, Toralf Förster wrote:
> On 04/16/2018 11:14 AM, Hanno Böck wrote:
> > There's also another question related to this: What's the future for
> > Gentoo hardened?
> > From what I can tell hardened consists of:
> > * the things that try to make it compatible with grsec/pax
> >   (more or less obsolete).
> > * things that are now in default profiles anyway (aslr, stack
> >   protector).
> > * things that probably should be in default profiles (relro, now linker
> >   flags)
> > * -fstack-check, which should eventually be replaced with
> >   -fstack-clash-protection (only available in future gcc's) and that
> >   should probably also go into default profiles.
> > * Furthermore hardened disables some useful features due to their
> >   incompatibility with pax (e.g. sanitizers).
>
> Which lets me wonder, what I would lose today by a switch from
> 17.0-hardened + USE-flags to 17.0/desktop/plasma at my KDE desktop?

Right now, the main things you'd lose are bindnow and
fstack-protector-all vs fstack-protector-strong I think. But in the
future as new hardening stuff is added to the toolchains they will
likely be enabled in hardened before default too.

-- Jason

> --
> Toralf
> PGP 23217DA7 9B888F45