
Re: Introducing security hardening features for Lenny



On Tue, Jan 29, 2008 at 11:17:37PM +0100, sean finney wrote:
> On Tuesday 29 January 2008 10:16:24 pm Moritz Muehlenhoff wrote:
> > A group of people have been working on introducing advanced security
> > hardening features into our archive:
> > http://alioth.debian.org/projects/hardening/
> >
> I guess you're aware of the discussions going on with ubuntu-devel as well?
> 
> 	https://lists.ubuntu.com/archives/ubuntu-devel/2008-January/024958.html
> 	
> (and further posts where some implementation details are debated)

In trying to not duplicate effort, I've been working both in Debian and
Ubuntu to help get these options enabled globally.

> I have to repeat the question that tfheen asked on that list... why 
> DEB_BUILD_HARDENING=1, and not DEB_BUILD_OPTS=hardening (thus the same as 
> nostrip,noopt,etc).

I'm all for making it as easy as possible to enable the flags.  (Like I
said in the other thread: patches welcome.)  I'd probably want it to be
"nohardening", making compiles hardened by default.  :)

-Kees

-- 
Kees Cook

