
Bug#552688: Please decide how Debian should enable hardening build flags



Oh, I've thought of one additional detail in making these defaults.
"-Werror=format-security" was only recently added, and this will likely
cause a fair level of FTBFS from some packages. This is not one of the gcc
defaults used in Ubuntu. It was added to hardening-includes because h-i has
effectively been a low-volume opt-in build-dep.

Since switching to dpkg-buildflags is also opt-in, it probably shouldn't
hurt too much, but I have never attempted an archive-wide rebuild with
-Werror=format-security added to the hardening flags.

Personally, I think it's a good idea to fix them all, but on the other
hand, having _FORTIFY_SOURCE enabled _should_ block most of the dangerous
format string conditions. It won't block leaks, though, which could lead to
stack protection bypasses, etc.

So, I'll be sure to call it out in documentation. I may reproduce the
Ubuntu wiki page I wrote for reference in the Debian wiki, since it is
where we send people by default when the hardening flags cause problems:
https://wiki.ubuntu.com/CompilerFlags

-Kees

-- 
Kees Cook                                            @debian.org
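As an added illustration (not part of Kees's mail or of hardening-includes), the pattern that -Werror=format-security rejects next to the form it expects. The function names and the UNSAFE_DEMO macro are my own; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Render a user-supplied string into a fixed buffer for logging.
 * Returns what snprintf returns (the length it wanted to write,
 * excluding the NUL), so callers can detect truncation. */
int render_log_line(char *out, size_t outsz, const char *user_text)
{
#ifdef UNSAFE_DEMO
    /* Vulnerable form: user_text is used *as* the format string.
     * gcc -Wformat-security reports "format not a string literal and
     * no format arguments"; with -Werror=format-security the build
     * fails, which is the FTBFS the mail expects from some packages. */
    return snprintf(out, outsz, user_text);
#else
    /* Hardened form: constant format, user data passed as an argument.
     * Conversion specifiers inside user_text are now copied literally
     * instead of being interpreted. */
    return snprintf(out, outsz, "%s", user_text);
#endif
}

/* Check that conversion specifiers supplied by the user survive as
 * plain text. With the hardened form this is always true; the
 * UNSAFE_DEMO form would instead interpret them. */
int keeps_specifiers_literal(void)
{
    char buf[64];
    /* Constructed sample input, not taken from any real log. */
    const char *input = "user=%x %x %x";
    render_log_line(buf, sizeof buf, input);
    return strcmp(buf, input) == 0;
}
```

Build with `-DUNSAFE_DEMO -Werror=format-security` to see the error that an archive-wide rebuild with the new flag would surface; without the macro the same command compiles cleanly.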


