User:Sam/Drafts/Hardened toolchain

From Gentoo Wiki
This article is a work in progress; treat its contents with caution - Sam.

See also: User:Sam/TODO#Security.

State of the hardened profiles in 2021:

  • Defaults to -fstack-clash-protection
  • Defaults to -z,now
  • About to add USE=cet to sys-devel/gcc which, when combined with USE=hardened, builds with -fcf-protection=full by default

Future work:

  • Migrate -fstack-clash-protection into main profiles? See bug #675050.
  • Migrate -z,now to main profiles?
  • Make CET on-by-default on hardened

Further-into-the-future work:

  • Move CET into main profiles, on by default
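
A way to confirm on built binaries that the -z,now and -fcf-protection=full defaults listed above took effect. This is an added example, not part of the original draft or of Gentoo's tooling; the function names and the sample readelf output are constructed for illustration, and `readelf` from binutils is assumed to be installed.

```sh
#!/bin/sh
# Added example (not Gentoo's tooling): audit ELF files for two of the defaults above.
# -fstack-clash-protection is not checked: it leaves no dynamic tag or property note.

# True if `readelf -d` output on stdin shows immediate binding (-z now).
has_bind_now() {
    grep -Eq '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*[[:space:]]NOW([[:space:]]|$)'
}

# Reads `readelf -n` output on stdin; prints full, ibt, shstk or none.
# The linker keeps IBT/SHSTK only if every input object carried it, so "full"
# means the whole link was built with -fcf-protection=full.
cet_status() {
    feats=$(sed -n '/x86 feature: /{s/.*x86 feature: //p;q;}')
    case "$feats" in
        *IBT*SHSTK*|*SHSTK*IBT*) echo full ;;
        *IBT*)   echo ibt ;;
        *SHSTK*) echo shstk ;;
        *)       echo none ;;
    esac
}

# Runs readelf on one file. Statically linked files have no dynamic
# section and therefore report bind_now=no.
audit_elf() {
    if readelf -d "$1" 2>/dev/null | has_bind_now; then now=yes; else now=no; fi
    cet=$(readelf -n "$1" 2>/dev/null | cet_status)
    printf '%s: bind_now=%s cet=%s\n' "$1" "$now" "$cet"
}

# Constructed sample readelf output, used when no file arguments are given.
SAMPLE_DYN=' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'
SAMPLE_NOTE='Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000020       NT_GNU_PROPERTY_TYPE_0
      Properties: x86 feature: IBT, SHSTK'

if [ "$#" -gt 0 ]; then
    for f in "$@"; do audit_elf "$f"; done
else
    printf '%s\n' "$SAMPLE_DYN" | has_bind_now && echo "sample: bind_now=yes"
    echo "sample: cet=$(printf '%s\n' "$SAMPLE_NOTE" | cet_status)"
fi
```

Pass one or more ELF paths as arguments to audit real files; a result of `cet=ibt`, `cet=shstk` or `cet=none` on a hardened system points at an object or library in the link that was not built with CET markings.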