Hi Matthias,

On Sun, Nov 21, 2010 at 09:21:43AM +0100, Matthias Klose wrote:
> I assume that there is a decision to turn on hardening defaults?
> Who made it, and which defaults to turn on? Which ports should it
> use? Where is it documented? So involvement of the ctte seems to

The hardening-wrapper package has all of the combinations and ports
well-declared. For example:

    ifneq (,$(filter $(DEB_HOST_ARCH_CPU), ia64 alpha mips mipsel hppa arm ))
      # Stack protector disabled on ia64, alpha, mips, mipsel, hppa.
      #   "warning: -fstack-protector not supported for this target"
      # Stack protector disabled on arm (ok on armel).
      #   compiler supports it incorrectly (leads to SEGV)
      DEB_BUILD_HARDENING_STACKPROTECTOR ?= 0
    endif
    DEB_BUILD_HARDENING_STACKPROTECTOR ?= 1

etc

> The patch itself is "maintained", however it requires patches to the
> testsuite which are not maintained. They are in 4.4, partially
> forwarded, incomplete for 4.5 and not done at all for trunk. So I
> do have an answer about the responsibility (and no, you won't
> convince me otherwise in a few weeks or months having seen this for
> years).

Since this, I've gotten half the testsuite changes into upstream, so
this has improved. The testsuite work is extremely time-consuming, and
I've been very slow to get that work done, unfortunately.

> yes, I consider the current solution a hack, introduced in some
> derivatives by the lack of resources to get it done properly as nearly
> any other distribution is doing it. Changes to the build flags
> should be injected in the package build system, not by changing the
> compiler itself. I first submitted a patch to introduce default
> flags from the environment, this was replaced/refined by
> dpkg-buildflags. Now please work on getting it honored in the
> package builds and maybe make it a policy for packages with a
> certain priority.

This is likely the core of the disagreement: how to apply the flags.
I have a strong opinion about this because my perspective is
security-oriented. I think all compiles should be hardened; default to
being secure, and whitelist that which needs things disabled. Same
policy applies to firewalls, etc.

As before, I stand by my original email that started this thread:
http://lists.debian.org/debian-gcc/2009/10/msg00186.html

-Kees

--
Kees Cook @debian.org