On Thu, Sep 15, 2011 at 11:59 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
> On Thu, Sep 15, 2011 at 5:23 PM, Marc Espie <es...@nerim.net> wrote:
>> On Thu, Sep 15, 2011 at 03:17:36PM -0400, Jeffrey Walton wrote:
>>> I'm interested in seeing if (1) patches have been applied to fix my
>>> template error problem
>>> (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21656); and (2) the
>>> compiler/linker is using hardened settings (I know 4.2.1 is not
>>> hardened out of the box).
>>
>> lol.
>>
>> 4.2.1 *in OpenBSD* is "hardened" more, and has been tested as a hardened
>> compiler for more time than gcc 4.2.4.
> I believe -z relro -z now are fairly standard for GOT and PLT attack
> remediations. I know some flavors of Linux include them in the spec
> file for a gcc:
>
>   $ uname -a
>   OpenBSD germain.home.pvt 4.9 GENERIC#671 i386
>   $ /usr/local/bin/egcc -dumpspecs | grep -i relro
>   $ /usr/local/bin/egcc -dumpspecs | grep -i wall
>   $ /usr/local/bin/egcc -dumpspecs | grep -i wextra
>   $ /usr/local/bin/egcc -dumpspecs | grep -i format
>   $ /usr/local/bin/egcc -dumpspecs | grep -i security
>   $
>
> Also, I was not sure about -Wformat=2 -Wformat-security. I guess it
> depends on what procedures are in place to enforce policy (or in
> OpenBSD's case, its position on security).
>
>> (unless you want to get f*d harder by the GPLv3, that is)
> I sometimes wonder about the whole free software, free beer thing. It's
> kind of like trying to figure out how US politicians claim to balance
> a budget, yet the US is trillions in debt.

Second point http://www.openbsd.org/goals.html which leads to
http://www.openbsd.org/policy.html as well

Probably one of the reasons for http://www.bsdfund.org/projects/pcc/ (
http://undeadly.org/cgi?action=search&mode=&thres=&query=pcc ) and
http://clang.llvm.org/

>
> Jeff