I would like to change my system from being "hardened" to vanilla. One of the reasons is that I could use prelink.
My question is: is there anyone who maybe tried to write a script which will remerge packages which have binaries still hardened? Remerging all will take me a week and it would be nice to have such a tool. For example, during remerge, if anything fails then there is a need to track all things that were already done and remerge only the others.. Lots of packages->lots of work ;) or I would like to remerge "system" first and then the rest of the world...
Any ideas, anyone?;)
hardened->vanilla
Message
Re: hardened->vanilla
Prelink works perfectly with the hardened toolchain. Some people seem to have had problems with prelink and the hardened kernel sources, but that is something else entirely.sotn3m wrote:I would like to change my system from being "hardened" to vanilla. One of the reasons is that I could use prelink.
My question is: is there anyone who maybe tried to write a script which will remerge packages which have binaries still hardened? Remerging all will take me a week and it would be nice to have such a tool. For example, during remerge, if anything fails then there is a need to track all things that were already done and remerge only the others.. Lots of packages->lots of workor I would like to remerge "system" first and then the rest of the world...
Any ideas, anyone?;)
Otherwise, the hardened profile only affects most packages at build time (using the hardened gcc profile). A small number of packages (ex. pkgconfig, glib) are influenced by the hardened use flag and those use flags implied (ex. selinux) by the hardened profile.
These shouldn't be too hard to reemerge with the vanilla profile via a standard 'emerge -uDN world'.
I myself have been using the hardened profile with moderate CFLAGS and LDFLAGS, prelink, and a ck kernel for the better part of a year now. Save for the extremely rare failed build, I cannot think of a reason not to use the hardened profile.
Re: hardened->vanilla
What kind of packages do You have? Cause my doubts came from official prelink guide:erikm wrote: Prelink works perfectly with the hardened toolchain. Some people seem to have had problems with prelink and the hardened kernel sources, but that is something else entirely.
Otherwise, the hardened profile only affects most packages at build time (using the hardened gcc profile). A small number of packages (ex. pkgconfig, glib) are influenced by the hardened use flag and those use flags implied (ex. selinux) by the hardened profile.
These shouldn't be too hard to reemerge with the vanilla profile via a standard 'emerge -uDN world'.
I myself have been using the hardened profile with moderate CFLAGS and LDFLAGS, prelink, and a ck kernel for the better part of a year now. Save for the extremely rare failed build, I cannot think of a reason not to use the hardened profile.
..Warning: Prelink will not work with Hardened Gentoo. This is because both projects try to change the address space mapping of shared libraries. But prelink with the -R option randomises library base addresses, providing some degree of hardened protection.
M3ntos
prelinking has securities issues
see http://kerneltrap.org/node/6662
see http://kerneltrap.org/node/6662
I can believe that..new_to_non_X86 wrote:prelinking has securities issues
see http://kerneltrap.org/node/6662
But I am beginning to be fed up with for exemple opera loading almost 10sec...
I have:
Code: Select all
model name : AMD Sempron(tm) 2200+
cpu MHz : 1512.272
cache size : 256 KBM3ntos
Factory pre-linking?