[grsec] difference between "new" and "legacy" toolchain
Marcel Meyer
meyerm at fs.tum.de
Sat Oct 30 20:37:45 EDT 2004
Thank you all for answering my question. :-)
Am Samstag, 30. Oktober 2004 20:15 schrieb pageexec at freemail.hu:
> > enabling the PAX features requires your applications beeing compiled
> > with "a new toolchain". Now I'm wondering what's that exactly. Does
> > this only mean, I need simply a quite recent gcc/coreutils/etc. or
> > what's so special about the needed toolchain?
>
> you need only a new binutils (ld) and you can find the patch on the
> PaX homepage. gentoo already includes it by default, [...]
Ah, ok. That explains my confusion. It did work with my current toolchain
(using gentoo) but I did not need to patch it...
Thanks for mentioning it.
BTW: I read through some docs and decided to add the following flags. Are
they OK for the toolchain mentioned above together with PAX/GRsecurity or
too less/much (I mean do they interfere or are simply useless with the
special patched toolchain)?
CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer -fstack-protector-all
-fPIE -fPIC"
LDFLAGS="-Wl,-z,now -Wk,-z,relro"
--
Marcel Meyer
| Netzwerk- und Rechnerorganisation
| Fachschaft Mathematik/Physik/Informatik
| Technische Universität München
More information about the grsecurity
mailing list