Building perl and XS modules with hardening flags
Hi,
I was wondering if it would make sense to build perl with hardening
flags. This would it make harder to use bugs in the interpreter or the
XS modules to compromise a system. It looks like Ubuntu already does
this by default for all packages[1], so breakage should be limited.
On Debian[2], hardening-includes provides a makefile snippet to set
architecture-validated hardening flags.
If deemed useful, we could try enabling them in perl 5.14 as I assume
this will get some more testing in experimental.
Regards,
Ansgar
[1] <https://wiki.ubuntu.com/Security/Features>
[2] <http://wiki.debian.org/Hardening>
Reply to: