[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Introducing security hardening features for Lenny

On Wed, Mar 05, 2008 at 10:16:52AM +0100, Pierre Habouzit wrote:
> On Wed, Mar 05, 2008 at 06:16:33AM +0000, Kees Cook wrote:
> > I finally got some time to run some benchmarks.  I checked the results[1]
> > into the "hardening" svn tree, in case other people want to contribute
> > more stuff.
>   Thank you very much for those. Though what did you built using -fPIE
> FORTIFY_SOURCES and so on ? only the tested applications ? or their
> build-deps as well ? Because I don't expect mplayer to be slowed a lot
> if you don't rebuild its ogg/mp3/mpg/... as well :) Same goes for
> inkscape.

Well, libraries are already -fPIC so there's no need to recompile those.
As for FORTIFY_SOURCE, that's true, I didn't rebuild the libraries with
it for these tests.  Getting all libs rebuilt may take a lot longer.  :)

Kees Cook                                            @outflux.net

Reply to: