User:Sam/Drafts/Hardened toolchain

From Gentoo Wiki
Warning, this page is a work in progress by Sam. Treat its contents with caution.

See also: User:Sam/TODO#Security.

State of the hardened profiles in 2021:

  • Defaults to -fstack-clash-protection
  • Defaults to -z,now
  • About to add USE=cet to sys-devel/gcc which, when combined with USE=hardened, builds with -fcf-protection=full by default
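
An added example (not part of the original draft, and not Gentoo's own tooling) for checking whether a built ELF binary actually carries two of the settings listed above: immediate binding from -z,now and the CET markings from -fcf-protection. It assumes binutils' readelf is installed; the function names are hypothetical, and -fstack-clash-protection is not covered.

```shell
#!/bin/sh
# Added example: report BIND_NOW and CET markings of ELF files.
# Usage: sh check-hardening.sh /usr/bin/foo /usr/lib64/libbar.so ...

# Reads `readelf -d` output on stdin.
# Succeeds if the dynamic section requests immediate binding (-z,now),
# which readelf shows as DT_BIND_NOW, DT_FLAGS BIND_NOW or DT_FLAGS_1 NOW.
has_bind_now() {
    grep -Eq '\(BIND_NOW\)|\(FLAGS(_1)?\).*NOW'
}

# Reads `readelf -n` output on stdin.
# Prints the -fcf-protection level implied by the x86 feature property in
# .note.gnu.property: IBT = branch, SHSTK = return, both = full.
# "x86 feature used:" lines are a different property and are not matched.
cet_level() {
    feat=$(grep 'x86 feature: ' | head -n 1)
    case "$feat" in
        *IBT*SHSTK*|*SHSTK*IBT*) echo full ;;
        *IBT*)                   echo branch ;;
        *SHSTK*)                 echo return ;;
        *)                       echo none ;;
    esac
}

# Runs readelf on one file and prints a tab-separated summary line.
check_elf() {
    f=$1
    if readelf -d "$f" 2>/dev/null | has_bind_now; then
        now=yes
    else
        now=no   # also reported for static binaries (no dynamic section)
    fi
    cet=$(readelf -n "$f" 2>/dev/null | cet_level)
    printf '%s\tbind_now=%s\tcet=%s\n' "$f" "$now" "$cet"
}

for f in "$@"; do
    check_elf "$f"
done
```

The linker keeps a CET feature bit only if every input object carries it, so one unmarked object (hand-written assembly, for example) drops the marking even when the compiler defaults to -fcf-protection=full. The marking states that the binary is compatible with CET; enforcement still depends on CPU and kernel support.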

Future work:

  • Migrate -fstack-clash-protection into main profiles? See bug #675050.
  • Migrate -z,now to main profiles?
  • Make CET on-by-default on hardened

Further-into-the-future work:

  • Move CET into main profiles, on by default