I suggest that stack guard randomization always be enabled, instead of only in hardened systems. I have been using sys-libs/glibc built with stack guard randomization enabled on a non-hardened system for 4 months without any problems. The "hardened" USE flag of sys-libs/glibc is currently masked in non-hardened profiles.

--- eclass/toolchain-glibc.eclass +++ eclass/toolchain-glibc.eclass @@ -780,7 +780,7 @@ [[ -d ports ]] && addons+=",ports" popd > /dev/null - myconf+=( $(use_enable hardened stackguard-randomization) ) + myconf+=( --enable-stackguard-randomization ) if has_version '<sys-libs/glibc-2.13' ; then myconf+=( --enable-old-ssp-compat ) fi
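Review bot: the new `myconf+=( --enable-stackguard-randomization )` line passes the option unconditionally, while the context line right below it gates `--enable-old-ssp-compat` on `has_version '<sys-libs/glibc-2.13'`, so this function clearly configures more than one glibc release. Please confirm that every glibc version still built through this eclass accepts `--enable-stackguard-randomization`, and add a version guard in the same style if any of them does not. Dropping `$(use_enable hardened stackguard-randomization)` also removes the only switch that controlled this setting, so a one-line comment above the new line stating that the option is intentionally always on (with the bug number) would keep a later cleanup from re-tying it to the "hardened" USE flag. The supporting evidence in the report is a single non-hardened system over 4 months; a note on which architectures and glibc versions that covered would help reviewers judge the default change.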
commit 28ec20d517e494deed48497b1c478f5bd4dff1a6
Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org>
Date:   Wed Jun 14 17:00:32 2017 +0200

    toolchain-glibc.eclass: Always enable stack guard randomization (bug #621742).

    Signed-off-by: Matthias Maier <tamiko@gentoo.org>