On 12/02/2017 09:32 PM, Adam Carter wrote:
>
> Does having the hardened USE flag enabled = having a hardened toolchain?
If only it were that simple... what you really need to know is, did you
build everything on your system with PIE enabled?
* Some packages have "pie" USE flags, and it's only forced-on in the
hardened profiles. I think that flag may actually have been masked
in the default profiles?
* Even if you /built/ a hardened compiler, you can switch it off
with gcc-config.
* Your local flags in make.conf can disable some of that stuff, too.
If you were using a hardened *profile*, then chances are that you won't
need to rebuild (unless you switched to a non-hardened compiler on
purpose). Otherwise, I would play it safe and rebuild everything. The
newer GCC probably produces more efficient code anyway, and you will
preempt all of the inevitable problems that no one thought of and that
weren't mentioned in the news item.
