Building perl and XS modules with hardening flags

To: debian-perl@lists.debian.org
Subject: Building perl and XS modules with hardening flags
From: Ansgar Burchardt <ansgar@debian.org>
Date: Sat, 14 May 2011 00:05:00 +0200
Message-id: <[🔎] 87pqnm2r5f.fsf@marvin.43-1.org>
Mail-followup-to: debian-perl@lists.debian.org

Hi,

I was wondering if it would make sense to build perl with hardening
flags.  This would it make harder to use bugs in the interpreter or the
XS modules to compromise a system.  It looks like Ubuntu already does
this by default for all packages[1], so breakage should be limited.

On Debian[2], hardening-includes provides a makefile snippet to set
architecture-validated hardening flags.

If deemed useful, we could try enabling them in perl 5.14 as I assume
this will get some more testing in experimental.

Regards,
Ansgar

[1] <https://wiki.ubuntu.com/Security/Features>
[2] <http://wiki.debian.org/Hardening>

Reply to:

Follow-Ups:
- Re: Building perl and XS modules with hardening flags
  - From: Jonathan Yu <jawnsy@cpan.org>
- Re: Building perl and XS modules with hardening flags
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: Bug#533934: pperl: FTBFS: tests failed directory
Next by Date: Re: Building perl and XS modules with hardening flags
Previous by thread: Re: Bug#533934: pperl: FTBFS: tests failed directory
Next by thread: Re: Building perl and XS modules with hardening flags
Index(es):
- Date
- Thread