80307 – (toolchain) Easy way to disable hardening in separate ebuilds

Bug 80307 - (toolchain) Easy way to disable hardening in separate ebuilds

Summary: (toolchain) Easy way to disable hardening in separate ebuilds

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-01 02:20 UTC by Ole Tange
Modified:	2005-02-09 11:44 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ole Tange 2005-02-01 02:20:08 UTC

I would love every application to be compiled hardened with not problems. However, that day seems not to be close. So it is more realistic that I will compile most applications with hardened but compiling failing applications without hardened.

I can change gcc to non-hardened, but this will compile every application as non-hardened and not just the single failing application.

I therefore propose a directive in ebuilds that will disable hardening for a single ebuild. This will make it easier for people to start using hardening: If it does not work, insert the directive in the offending ebuild, submit a bugreport and move on.

Until a permanent fix is found the ebuild with the directive should be adopted in the ebuild in the normal portage-tree. This will also make it fairly easy for the hardening-group to find the failing ebuilds.


Reproducible: Always
Steps to Reproduce:

Comment 1 solar (RETIRED) gentoo-dev

2005-02-09 11:44:09 UTC

There already exists a method to disable as needed via ebuilds. 
It's calledCFLAGS/LDFLAGS

The following flags are of use.

-fno-stack-protector | -fno-stack-protector-all
-fno-pie | -fno-PIE

-nopie
-norelro
-nonow