Re: Introducing security hardening features for Lenny
On Wed, Mar 05, 2008 at 10:16:52AM +0100, Pierre Habouzit wrote:
> On Wed, Mar 05, 2008 at 06:16:33AM +0000, Kees Cook wrote:
> > I finally got some time to run some benchmarks. I checked the results[1]
> > into the "hardening" svn tree, in case other people want to contribute
> > more stuff.
>
> Thank you very much for those. Though what did you built using -fPIE
> FORTIFY_SOURCES and so on ? only the tested applications ? or their
> build-deps as well ? Because I don't expect mplayer to be slowed a lot
> if you don't rebuild its ogg/mp3/mpg/... as well :) Same goes for
> inkscape.
Well, libraries are already -fPIC so there's no need to recompile those.
As for FORTIFY_SOURCE, that's true, I didn't rebuild the libraries with
it for these tests. Getting all libs rebuilt may take a lot longer. :)
--
Kees Cook @outflux.net
Reply to: