adding support for hardened toolchain
Heiko Zuerker
heiko@zuerker.org
Wed Jan 5 19:50:00 GMT 2011
Quoting Bryan Hundven <bryanhundven@gmail.com>:
[.............]
>> The hardened toolchain is not anything folks would look at on their own
>> usually. Adding it to ct-ng would give it more exposure and more folks may
>> tend to try it out. We really need to get to a place where things get more
>> secure for everybody.
>>
>> We'll see when I actually get a chance to look into writing a patch for
>> this...
>
> After looking into this a bit more, I think I get it now, and I would
> like to see this get into crosstool-ng.
Cool :)
> It seems to me that the patch directory needs to be refactored. I
> would suggest something like:
>
> patches/
>   <architecture>/
>     <program>/
>       <version>/
>         <patch>.patch
>
> Where one of the "architecture"s would be "any" and another would be
> "security", besides just x86, powerpc, arm, etc...
>
> This makes sense, because my x86 toolchain doesn't need patches that
> are specific to powerpc, and if the CT_TOOLCHAIN_HARDENING is enabled,
> it will apply patches from "security". Patches that would be applied
> regardless of architecture would go in "any".
On one hand I really like the idea of separating the architectures
out, but on the other hand I'm a bit worried about inter-dependencies.
Of course this could also simply be solved by moving these specific
patches into "any". We need to be careful not to turn this whole thing
into a maintenance nightmare whenever a new i.e. gcc comes out.
--
Regards
Heiko Zuerker
http://www.devil-linux.org
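
The selection rule proposed in the quoted message ("any" always, the target architecture's own directory, and "security" only when CT_TOOLCHAIN_HARDENING is enabled) can be sketched as follows. This is an added example, not code from the thread or from crosstool-ng: the function names, the any/arch/security ordering, and the sample patch names and version are assumptions.

```shell
#!/bin/sh
# Hypothetical sketch of the proposed layout:
#   patches/<architecture>/<program>/<version>/<patch>.patch
# Only the directory names and CT_TOOLCHAIN_HARDENING come from the thread.

# list_patches <patch_root> <arch> <program> <version>
# Prints the patches to apply, one per line, relative to <patch_root>.
# Assumed order: "any", then the target architecture, then "security".
list_patches() {
    root=$1; arch=$2; prog=$3; ver=$4
    groups="any $arch"
    if [ "${CT_TOOLCHAIN_HARDENING:-n}" = "y" ]; then
        groups="$groups security"
    fi
    for group in $groups; do
        dir="$root/$group/$prog/$ver"
        [ -d "$dir" ] || continue
        # Glob expansion is sorted, so numeric prefixes fix the order
        # of patches inside one group.
        for p in "$dir"/*.patch; do
            [ -f "$p" ] && printf '%s\n' "${p#"$root"/}"
        done
    done
    return 0
}

# Build a constructed sample tree (empty placeholder patch files).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    for f in any/gcc/4.5.2/100-common.patch \
             x86/gcc/4.5.2/200-x86-fix.patch \
             powerpc/gcc/4.5.2/200-ppc-fix.patch \
             security/gcc/4.5.2/300-hardening.patch; do
        mkdir -p "$t/${f%/*}" && : > "$t/$f"
    done
    printf '%s\n' "$t"
}

# Demo: the same x86 build with hardening off and on.
tree=$(make_sample_tree)
echo "hardening off:"; CT_TOOLCHAIN_HARDENING=n list_patches "$tree" x86 gcc 4.5.2
echo "hardening on:";  CT_TOOLCHAIN_HARDENING=y list_patches "$tree" x86 gcc 4.5.2
rm -rf "$tree"
```

The powerpc patch is never listed for an x86 target, and the "security" group is appended last so hardening patches apply on top of the generic and architecture-specific ones.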