[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#552688: Please decide how Debian should enable hardening build flags



Hi Matthias,

On Sun, Nov 21, 2010 at 09:21:43AM +0100, Matthias Klose wrote:
> I assume that there is a decision to turn on hardening defaults?
> Who made it, and which defaults to turn on?  Which ports should it
> use?  Where is it documented?  So involvement of the ctte seems to

The hardening-wrapper package has all of the combinations and ports
well-declared. For example:

ifneq (,$(filter $(DEB_HOST_ARCH_CPU), ia64 alpha mips mipsel hppa arm ))
  # Stack protector disabled on ia64, alpha, mips, mipsel, hppa.
  #   "warning: -fstack-protector not supported for this target"
  # Stack protector disabled on arm (ok on armel).
  #   compiler supports it incorrectly (leads to SEGV)
  DEB_BUILD_HARDENING_STACKPROTECTOR ?= 0
endif
DEB_BUILD_HARDENING_STACKPROTECTOR ?= 1

etc

> The patch itself is "maintained", however it requires patches to the
> testsuite which are not maintained. They are in 4.4, partially
> forwarded, incomplete for 4.5 and not done at all for trunk.  So I
> do have an answer about the responsibility (and no, you won't
> convince me otherwise in a few weeks or months having seen this for
> years).

Since this, I've gotten half the testsuite changes into upstream, so this
has improved. The testsuite work is extremely time-consuming, and I've been
very slow to get that work done, unfortunately.

> yes, I consider the current solution a hack, introduced in some
> derivates by the lack of resources to get it done properly as nearly
> any other distribution is doing it.  Changes to the build flags
> should be injected in the package build system, not by changing the
> compiler itself.  I first submitted a patch to introduce default
> flags from the environment, this was replaced/refined by
> dpkg-buildflags.  Now please work on getting it honored in the
> package builds and maybe make it a policy for packages with a
> certain priority.

This is likely the core of the disagreement: how to apply the
flags. I have a strong opinion about this because my perspective is
security-oriented. I think all compiles should be hardened; default
to being secure, and whitelist that which needs things disabled. Same
policy applies to firewalls, etc. As before, I stand by my original email
that started this thread:
http://lists.debian.org/debian-gcc/2009/10/msg00186.html

-Kees

-- 
Kees Cook                                            @debian.org

Attachment: signature.asc
Description: Digital signature


Reply to: