* Re: [gentoo-dev] Moving more hardening features to default?
From: Mike Frysinger @ 2011-10-20 12:55 UTC
To: gentoo-dev
On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote:
> I've noticed
> <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>, i.e.
> Debian is starting to make more and more hardening features default, at
> least for most packages.
seems a bit light on what actually is being used
random thoughts:
- we've long defaulted to linking with relro
- defaulting to bindnow is pretty much a no go for USE=-hardened
- building everything as PIC/PIE comes with a performance penalty for some
architectures (e.g. x86), and is often the source of build issues with the
hardened port
- we've long defaulted to building with _FORTIFY_SOURCE
- i'd need to see actual overhead data with SSP to see about enabling it by
default
-mike