diff options
Diffstat (limited to 'profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened')
4 files changed, 18 insertions, 0 deletions
diff --git a/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/README b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/README new file mode 100644 index 000000000000..fe5d8a4b7680 --- /dev/null +++ b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/README @@ -0,0 +1,9 @@ +# TODO +# +# We need to define what our scope for a hardened target is. +# The previous hardened mix-in was specifically related to +# grsecurity and pax, which are no longer freely available. +# +# As a baseline we already have ssp, pie, stack-check, bind_now and FORTIFY. +# +# TODO: Discuss way forward. diff --git a/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/package.use.force b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/package.use.force new file mode 100644 index 000000000000..747426d0661f --- /dev/null +++ b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/package.use.force @@ -0,0 +1 @@ +sys-devel/gcc bind_now mpx pie sanitize ssp ssp_all stack_clash_protection vtv diff --git a/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/parent b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/parent new file mode 100644 index 000000000000..22fdeaeaa9ff --- /dev/null +++ b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/parent @@ -0,0 +1,2 @@ +../no-bindist +../no-pch diff --git a/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/use.force b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/use.force new file mode 100644 index 000000000000..9246fd76d4e9 --- /dev/null +++ b/profiles/baldeagleos/1.0/linux-gnu/mix-ins/hardened/use.force @@ -0,0 +1,6 @@ +bind_now +pie +ssp +ssp_all +stack_clash_protection +vtv |