diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2017-12-12 21:31:22 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2017-12-12 21:31:22 -0500 |
| commit | b25ba8190376bf5649c79c6e0ca909c0107b6623 (patch) | |
| tree | c4c5277426d7321a05413fdafe94ed213715f763 /profiles/hardened | |
| parent | profiles: unmask pie for hardened/linux/uclibc (diff) | |
| download | gentoo-b25ba8190376bf5649c79c6e0ca909c0107b6623.tar.gz gentoo-b25ba8190376bf5649c79c6e0ca909c0107b6623.tar.bz2 gentoo-b25ba8190376bf5649c79c6e0ca909c0107b6623.zip | |
profiles: force pie, ssp and -pch on hardened/linux/{uclibc,musl}
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
Diffstat (limited to 'profiles/hardened')
| -rw-r--r-- | profiles/hardened/linux/musl/use.force | 4 | ||||
| -rw-r--r-- | profiles/hardened/linux/musl/use.mask | 9 | ||||
| -rw-r--r-- | profiles/hardened/linux/uclibc/use.force | 8 | ||||
| -rw-r--r-- | profiles/hardened/linux/uclibc/use.mask | 15 |
4 files changed, 35 insertions, 1 deletions
diff --git a/profiles/hardened/linux/musl/use.force b/profiles/hardened/linux/musl/use.force index 79e5575d13c3..e2d7cf05ec5c 100644 --- a/profiles/hardened/linux/musl/use.force +++ b/profiles/hardened/linux/musl/use.force @@ -2,3 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 elibc_musl + +# Make sure people don't accidentally turn of ssp/pie in important packages. +pie +ssp diff --git a/profiles/hardened/linux/musl/use.mask b/profiles/hardened/linux/musl/use.mask index 190b01bbbe98..b851b043ca08 100644 --- a/profiles/hardened/linux/musl/use.mask +++ b/profiles/hardened/linux/musl/use.mask @@ -6,3 +6,12 @@ elibc_uclibc elibc_glibc -hardened + +# precompiled headers are not compat with ASLR. +pch + +# prelink is masked for hardened +prelink + +# profile are incompatible when linking with pie +profile diff --git a/profiles/hardened/linux/uclibc/use.force b/profiles/hardened/linux/uclibc/use.force new file mode 100644 index 000000000000..b0ea1237d5a6 --- /dev/null +++ b/profiles/hardened/linux/uclibc/use.force @@ -0,0 +1,8 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +elibc_uclibc + +# Make sure people don't accidentally turn of ssp/pie in important packages. +pie +ssp diff --git a/profiles/hardened/linux/uclibc/use.mask b/profiles/hardened/linux/uclibc/use.mask index 3d0c2a2a416d..174226cb64e3 100644 --- a/profiles/hardened/linux/uclibc/use.mask +++ b/profiles/hardened/linux/uclibc/use.mask @@ -1,4 +1,17 @@ -# Copyright 1999-2014 Gentoo Foundation. +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 +-elibc_uclibc +elibc_musl +elibc_glibc + -hardened + +# precompiled headers are not compat with ASLR. +pch + +# prelink is masked for hardened +prelink + +# profile are incompatible when linking with pie +profile |