FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 01-17-2008, 06:03 PM
 
Default Hardened gcc-4

I'd like to give it a try. I'd like to help by testing it.
I've found this:
http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml
It seems to be a bit outdated, since binutils and glibc versions are all
right now by default. Should I just unhardmask gcc-4* and go ahead?
What about this one: https://bugs.gentoo.org/show_bug.cgi?id=106690?

Provide me some hints, please!
(Solar? Kevin?)

I feel myself alone.

Thx,
Dw.
--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962

--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-17-2008, 06:30 PM
RB
 
Default Hardened gcc-4

I've had 4.x unmasked for some time now, which works fine but doesn't
apply PIE+SSP (or so it would seem). If you have apps that *need*
compilation with a vanilla 4.x, it'll work.

If you want to test an actual hardened 4.x GCC, look at Kevquinn's
pieworld overlay (http://overlays.gentoo.org/dev/kevquinn/wiki) - I
found that with about 2 minutes of bugzilla-foo.


RB
--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-17-2008, 06:57 PM
Ned Ludd
 
Default Hardened gcc-4

On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:
> I'd like to give it a try. I'd like to help by testing it.
> I've found this:
> http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml
> It seems to be a bit outdated, since binutils and glibc versions are all
> right now by default. Should I just unhardmask gcc-4* and go ahead?
> What about this one: https://bugs.gentoo.org/show_bug.cgi?id=106690?
>
> Provide me some hints, please!
> (Solar? Kevin?)

Of course there is the KQ overlay. For those who simply want basic
hardening that have no desire to wait for it to hit the tree. I'd
suggest just unmasking gcc-4, build it and then injecting some gcc
specs to handle it auto building hardened alike bins.

One of my setups looks like this.

solar@hangover /etc/env.d/gcc $ gcc-config -l
[1] x86_64-pc-linux-gnu-3.4.6
[2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
[3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
[4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
[5] x86_64-pc-linux-gnu-3.4.6-vanilla
[6] x86_64-pc-linux-gnu-4.1.2
[7] x86_64-pc-linux-gnu-4.1.2-hardened *

solar@hangover /etc/env.d/gcc $ cat x86_64-pc-linux-gnu-4.1.2-hardened
PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
ROOTPATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
LDPATH="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2:/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/32"
MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/man"
INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/info"
STDCXX_INCDIR="g++-v4"
GCC_SPECS="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs"


#
The line that matters here is the one that defines GCC_SPECS=

http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86_64-hardenednossp.specs
Or
http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86-hardenednossp.specs


solar@hangover /etc/env.d/gcc $ wget -O - -q
http://dev.gentoo.org/~solar/x86_64-pc-linux-gnu-4.1.2-hardened.tar.bz2
| tar jtf -
etc/env.d/gcc/x86_64-pc-linux-gnu-4.1.2-hardened
usr/lib64/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs


On another box that is pure gcc-4 I also handle pie/pic/etc
via /etc/portage/env/

That setup looks like

homeless env # find . -type l -ls
586387 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-misc/openssh -> ../env.pie
586389 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-misc/proftpd -> ../env.pie
586390 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-misc/rsync -> ../env.pie
586370 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-misc/oidentd -> ../env.pie
586404 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-misc/ntp -> ../env.pie
586406 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-irc/bitchx -> ../env.pie
586402 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-irc/epic4 -> ../env.pie
896065 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-dns/bind -> ../env.pie
895896 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-ftp/proftpd -> ../env.pie
895898 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./sys-apps/xinetd -> ../env.pie
895900 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./app-admin/syslog-ng -> ../env.pie
586408 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./net-mail/courier-imap -> ../env.pie
586410 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./app-antivirus/clamav -> ../env.pie
586415 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./dev-db/mysql -> ../env.pie
586417 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./mail-mta/postfix -> ../env.pie
586413 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./www-servers/apache -> ../env.pie
586424 0 lrwxrwxrwx 1 root root 10 Jan 7
21:08 ./www-servers/lighttpd -> ../env.pie
586419 0 lrwxrwxrwx 1 root root 10 Oct 21
16:06 ./dev-util/cvs -> ../env.pie

homeless env # cat env.pie
# This file can be sourced in on packages to build them as ET_DYN

if [[ ${CFLAGS/-fPIC/} == $CFLAGS ]]; then
echo " * Exporting: old pic compiler flag in $EBUILD_PHASE"
CFLAGS="${CFLAGS} -fPIC"
CXXFLAGS="$CFLAGS"
fi

if [[ ${LDFLAGS/-pie/} == $LDFLAGS ]]; then
echo " * Exporting: old pie linker flag in $EBUILD_PHASE"
LDFLAGS="$LDFLAGS -pie"
fi

export CFLAGS CXXFLAGS LDFLAGS


Note: That both of the methods I have shown do not enable SSP in gcc-4.


> I feel myself alone.

What you do in private is your own business.


--
Ned Ludd <solar@gentoo.org>
Gentoo Linux

--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-17-2008, 08:55 PM
Peter Hjalmarsson
 
Default Hardened gcc-4

Hi!

Solars mail raised some questions for me.

On tor, 2008-01-17 at 11:57 -0800, Ned Ludd wrote:

> Of course there is the KQ overlay. For those who simply want basic
> hardening that have no desire to wait for it to hit the tree. I'd
> suggest just unmasking gcc-4, build it and then injecting some gcc
> specs to handle it auto building hardened alike bins.
>

As I understand this KQ's overlay is just basic hardening? How does this
differ (if it does) from solars first suggestion?

Is the stuff hitting portage base on KQ's or will it be based on
something diffrent (is KQ's worth toying with it or does it seem more
like the final implementation can be something breaking it)?

And is there any status of when it will hit portage (does not need to be
a timeframe, more like if there are mayor problems to overcome in the
implementation or if it is just a "minor" (maybe not that minor as the
problems that can arise from it are not that minor) thing like concerns
about breaking toolchain, or someone have not had the time to review it
well enough)?
 
Old 01-18-2008, 02:46 AM
 
Default Hardened gcc-4

On Csü, Január 17, 2008 20:57, Ned Ludd wrote:
>
> On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:
>> I'd like to give it a try. I'd like to help by testing it.
>> I've found this:
>> http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml
>> It seems to be a bit outdated, since binutils and glibc versions are all
>> right now by default. Should I just unhardmask gcc-4* and go ahead?
>> What about this one: https://bugs.gentoo.org/show_bug.cgi?id=106690?
>>
>> Provide me some hints, please!
>> (Solar? Kevin?)
>
> Of course there is the KQ overlay. For those who simply want basic
> hardening that have no desire to wait for it to hit the tree. I'd
> suggest just unmasking gcc-4, build it and then injecting some gcc
> specs to handle it auto building hardened alike bins.
>
> One of my setups looks like this.
>
> solar@hangover /etc/env.d/gcc $ gcc-config -l
> [1] x86_64-pc-linux-gnu-3.4.6
> [2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
> [3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
> [4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
> [5] x86_64-pc-linux-gnu-3.4.6-vanilla
> [6] x86_64-pc-linux-gnu-4.1.2
> [7] x86_64-pc-linux-gnu-4.1.2-hardened *
>
> solar@hangover /etc/env.d/gcc $ cat x86_64-pc-linux-gnu-4.1.2-hardened
> PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> ROOTPATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> LDPATH="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2:/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/32"
> MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/man"
> INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/info"
> STDCXX_INCDIR="g++-v4"
> GCC_SPECS="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs"
>
>
> #
> The line that matters here is the one that defines GCC_SPECS=
>
> http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86_64-hardenednossp.specs
> Or
> http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86-hardenednossp.specs
>
>
> solar@hangover /etc/env.d/gcc $ wget -O - -q
> http://dev.gentoo.org/~solar/x86_64-pc-linux-gnu-4.1.2-hardened.tar.bz2
> | tar jtf -
> etc/env.d/gcc/x86_64-pc-linux-gnu-4.1.2-hardened
> usr/lib64/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs
>
>
> On another box that is pure gcc-4 I also handle pie/pic/etc
> via /etc/portage/env/
>
> That setup looks like
>
> homeless env # find . -type l -ls
> 586387 0 lrwxrwxrwx 1 root root 10 Oct 21
> 16:06 ./net-misc/openssh -> ../env.pie
snip
> 586413 0 lrwxrwxrwx 1 root root 10 Oct 21
> 16:06 ./www-servers/apache -> ../env.pie
> 586424 0 lrwxrwxrwx 1 root root 10 Jan 7
> 21:08 ./www-servers/lighttpd -> ../env.pie
> 586419 0 lrwxrwxrwx 1 root root 10 Oct 21
> 16:06 ./dev-util/cvs -> ../env.pie
>
> homeless env # cat env.pie
> # This file can be sourced in on packages to build them as ET_DYN
>
> if [[ ${CFLAGS/-fPIC/} == $CFLAGS ]]; then
> echo " * Exporting: old pic compiler flag in $EBUILD_PHASE"
> CFLAGS="${CFLAGS} -fPIC"
> CXXFLAGS="$CFLAGS"
> fi
>
> if [[ ${LDFLAGS/-pie/} == $LDFLAGS ]]; then
> echo " * Exporting: old pie linker flag in $EBUILD_PHASE"
> LDFLAGS="$LDFLAGS -pie"
> fi
>
> export CFLAGS CXXFLAGS LDFLAGS
>
>
> Note: That both of the methods I have shown do not enable SSP in gcc-4.
>

Thanks for the suggestions.
BTW: why don't you enable SSP? If I would spend my time on separate specs,
I would surely go for SSP as well. Are there any known problems?

>
>> I feel myself alone.
>
> What you do in private is your own business.
>

Alone, not lonely.

Thx,
Dw.

>
> --
> Ned Ludd <solar@gentoo.org>
> Gentoo Linux
>
> --
> gentoo-hardened@lists.gentoo.org mailing list
>


--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-18-2008, 06:16 AM
Ned Ludd
 
Default Hardened gcc-4

On Fri, 2008-01-18 at 04:46 +0100, atoth@atoth.sote.hu wrote:
> On Csü, Január 17, 2008 20:57, Ned Ludd wrote:
> >
> > On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:

[snip]

> > Note: That both of the methods I have shown do not enable SSP in gcc-4.
> >
>
> Thanks for the suggestions.
> BTW: why don't you enable SSP? If


> I would spend my time on separate specs, I would surely go for SSP as well.

You are more than welcome to edit the specs for yourself and add the
ssp rules as well. I'm not a big fan of moving forward with ssp myself
and pie/relro/now is cheap/easy suits most of my needs so why not take
advantage of it..

If you want add ssp to those specs you can probably more or less base
them easy enough off the gcc-3.x specs.

Should/Would look something nearly exactly like this

*cc1_ssp:
%{!D__KERNEL__: %{!nostdlib: %{!fno-stack-protector: -fstack-protector
%{!D_LIBC: %{!D_LIBC_REENTRANT: %{!fno-stack-protector-all:
-fstack-protector} } } } } }

Then in the *cc1 section change

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie)

to

*cc1:
%(cc1_cpu) %{profile:-p} %(cc1_pie) %(cc1_ssp)


> Are there any known problems?

yes, but please don't ask me to document them for you.


--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-18-2008, 07:03 PM
 
Default Hardened gcc-4

Hi Solar!

Thank you for sharing all these valuable informations with us.

--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962

On Pén, Január 18, 2008 08:16, Ned Ludd wrote:
>
> On Fri, 2008-01-18 at 04:46 +0100, atoth@atoth.sote.hu wrote:
>> On Csü, Január 17, 2008 20:57, Ned Ludd wrote:
>> >
>> > On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:
>
> [snip]
>
>> > Note: That both of the methods I have shown do not enable SSP in
>> gcc-4.
>> >
>>
>> Thanks for the suggestions.
>> BTW: why don't you enable SSP? If
>
>
>> I would spend my time on separate specs, I would surely go for SSP as
>> well.
>
> You are more than welcome to edit the specs for yourself and add the
> ssp rules as well. I'm not a big fan of moving forward with ssp myself
> and pie/relro/now is cheap/easy suits most of my needs so why not take
> advantage of it..
>
> If you want add ssp to those specs you can probably more or less base
> them easy enough off the gcc-3.x specs.
>
> Should/Would look something nearly exactly like this
[snip]
>
>> Are there any known problems?
>
> yes, but please don't ask me to document them for you.
>

I would never ever ask you for that...

I would rather avoid tampering with eclass functions (using KQ overlay).
As I can make it out: ssp is built into gcc version 4.1+ taken from the
regular portage tree. KQ's version discards two patches, but applies a pie
patch. KQ's glibc installs a handler and takes care of unsupported and
supported archs.

I'll follow your advice and create some specs for the system. I wonder if
the spec files from KQ's overlay could be used along with current portage
toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried
about the pie patch missing...

What is the reason you are not keen on ssp as a security-focused developer?

Again: thx for your efforts.

Regards,
Dw.

--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 01-18-2008, 07:50 PM
Ned Ludd
 
Default Hardened gcc-4

On Fri, 2008-01-18 at 21:03 +0100, atoth@atoth.sote.hu wrote:
> Hi Solar!
>
> Thank you for sharing all these valuable informations with us.
>
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962
>
> On Pén, Január 18, 2008 08:16, Ned Ludd wrote:
> >
> > On Fri, 2008-01-18 at 04:46 +0100, atoth@atoth.sote.hu wrote:
> >> On Csü, Január 17, 2008 20:57, Ned Ludd wrote:
> >> >
> >> > On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:
> >
> > [snip]
> >
> >> > Note: That both of the methods I have shown do not enable SSP in
> >> gcc-4.
> >> >
> >>
> >> Thanks for the suggestions.
> >> BTW: why don't you enable SSP? If
> >
> >
> >> I would spend my time on separate specs, I would surely go for SSP as
> >> well.
> >
> > You are more than welcome to edit the specs for yourself and add the
> > ssp rules as well. I'm not a big fan of moving forward with ssp myself
> > and pie/relro/now is cheap/easy suits most of my needs so why not take
> > advantage of it..
> >
> > If you want add ssp to those specs you can probably more or less base
> > them easy enough off the gcc-3.x specs.
> >
> > Should/Would look something nearly exactly like this
> [snip]
> >
> >> Are there any known problems?
> >
> > yes, but please don't ask me to document them for you.
> >
>
> I would never ever ask you for that...
>
> I would rather avoid tampering with eclass functions (using KQ overlay).
> As I can make it out: ssp is built into gcc version 4.1+ taken from the
> regular portage tree. KQ's version discards two patches, but applies a pie
> patch. KQ's glibc installs a handler and takes care of unsupported and
> supported archs.
>
> I'll follow your advice and create some specs for the system. I wonder if
> the spec files from KQ's overlay could be used along with current portage
> toolchain ebuilds (gcc-4.1.1-r3 or gcc-4.1.2 and glibc-2.6.1)? I'm worried
> about the pie patch missing...
>
> What is the reason you are not keen on ssp as a security-focused developer?


Sorry I should of clarified. What I'm keen on, is not talking about
gcc-4.x at all. Really I posted the info here not just for you but for
others who might be looking/searching to do the same thing. More or less
so I would hopefully not have to be bugged about gcc-4.x again for
another 6months. I really don't like talking about it as it personally
frustrates me. You would have to search our archives here to see when I
let go of maintainer-ship of the hardened-toolchain for more details.

Good luck...


--
Ned Ludd <solar@gentoo.org>
Gentoo Linux

--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 02-15-2008, 02:33 AM
Ned Ludd
 
Default Hardened gcc-4

On Thu, 2008-01-17 at 11:57 -0800, Ned Ludd wrote:
> On Thu, 2008-01-17 at 20:03 +0100, atoth@atoth.sote.hu wrote:
> > I'd like to give it a try. I'd like to help by testing it.
> > I've found this:
> > http://www.gentoo.org/proj/en/hardened/toolchain-upgrade-guide.xml
> > It seems to be a bit outdated, since binutils and glibc versions are all
> > right now by default. Should I just unhardmask gcc-4* and go ahead?
> > What about this one: https://bugs.gentoo.org/show_bug.cgi?id=106690?
> >
> > Provide me some hints, please!
> > (Solar? Kevin?)
>
> Of course there is the KQ overlay. For those who simply want basic
> hardening that have no desire to wait for it to hit the tree. I'd
> suggest just unmasking gcc-4, build it and then injecting some gcc
> specs to handle it auto building hardened alike bins.
>
> One of my setups looks like this.
>
> solar@hangover /etc/env.d/gcc $ gcc-config -l
> [1] x86_64-pc-linux-gnu-3.4.6
> [2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
> [3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
> [4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
> [5] x86_64-pc-linux-gnu-3.4.6-vanilla
> [6] x86_64-pc-linux-gnu-4.1.2
> [7] x86_64-pc-linux-gnu-4.1.2-hardened *
>
> solar@hangover /etc/env.d/gcc $ cat x86_64-pc-linux-gnu-4.1.2-hardened
> PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> ROOTPATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> GCC_PATH="/usr/x86_64-pc-linux-gnu/gcc-bin/4.1.2"
> LDPATH="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2:/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/32"
> MANPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/man"
> INFOPATH="/usr/share/gcc-data/x86_64-pc-linux-gnu/4.1.2/info"
> STDCXX_INCDIR="g++-v4"
> GCC_SPECS="/usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs"
>
>
> #
> The line that matters here is the one that defines GCC_SPECS=
>
> http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86_64-hardenednossp.specs
> Or
> http://dev.gentoo.org/~solar/hardened/gcc-4.1.1-x86-hardenednossp.specs
>
>
> solar@hangover /etc/env.d/gcc $ wget -O - -q
> http://dev.gentoo.org/~solar/x86_64-pc-linux-gnu-4.1.2-hardened.tar.bz2
> | tar jtf -
> etc/env.d/gcc/x86_64-pc-linux-gnu-4.1.2-hardened
> usr/lib64/gcc/x86_64-pc-linux-gnu/4.1.2/hardened.specs
>

Just noticed I did not have 4.1.2 specs for x86 anywhere online.. So
here are some with pie/now/relro/ssp...

http://tinderbox.dev.gentoo.org/portage/local/misc/i686-pc-linux-gnu-4.1.2-hardened.tar.bz2


--
gentoo-hardened@lists.gentoo.org mailing list
 
Old 02-15-2008, 04:57 AM
 
Default Hardened gcc-4

>
> Just noticed I did not have 4.1.2 specs for x86 anywhere online.. So
> here are some with pie/now/relro/ssp...
>
http://tinderbox.dev.gentoo.org/portage/local/misc/i686-pc-linux-gnu-4.1.2-hardened.tar.bz2
>

Thx, Solar. That will be very handy for my early transition!

Dw.

--
gentoo-hardened@lists.gentoo.org mailing list
 

Thread Tools




All times are GMT. The time now is 07:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org