Re: release goal proposal: enable hardening build flags
Niels Thykier <niels@thykier.net> schrieb:
> On 2011-09-14 18:36, Kees Cook wrote:
>> Hi,
>>
>> On Wed, Sep 14, 2011 at 08:02:13AM +0200, Niels Thykier wrote:
>>> I have two questions so far. First what usertag will you be using for
>>> the bugs (if any)? As far as I can tell, there is not listed on the
>>> wiki. Secondly, where can I (or will I be able to) see the progress of
>>> this goal?
>>
>> Ah, right, I forgot that in the proposal. How about "goal-hardening"? I'll
>> add that to the wiki[1].
>>
>
> Sounds good; which "user" did you want to use for it? The link on the
> wiki does not seem to include it.
The user is hardening-discuss@lists.alioth.debian.org
I'll add that to the wiki later.
> I assume that we are interested in ensuring that there are no
> "regressions" in this area. Perhaps a Lintian check would be in order?
> As far as I can tell hardening-check only uses readelf + grep, so there
> should not be any issues in implementing it.
> The question is if the check is reliable (i.e. works on all
> architectures) and if there are any caveats (i.e. only works with GCC
> compiled binaries).
>
> Anyhow, with a Lintian tag you would naturally have a progress tracker
> (at least after #641468 is fixed)[1] and a "regression" check.
Yes, a lintian check is planned, but it will need some time and experimenting
to sort out the details.
Cheers,
Moritz
Reply to: