Re: Switch on compiler hardening defaults

To: debian-devel@lists.debian.org
Cc: debian-gcc@lists.debian.org
Subject: Re: Switch on compiler hardening defaults
From: Romain Francoise <rfrancoise@debian.org>
Date: Mon, 26 Oct 2009 08:42:55 +0100
Message-id: <[🔎] 877huizjls.fsf@elegiac.orebokech.com>
References: <[🔎] 20091025185525.GI6711@outflux.net>

Kees Cook <kees@debian.org> writes:

> I would like to propose enabling[1] the GCC hardening patches that Ubuntu
> uses[2].  Ubuntu has used it successfully for 1.5 years now (3 releases),
> and many of the issues have already been fixed in packages that needed
> adjustment[3].  After all this time, use of the hardening-wrapper[4]
> package is still very low, so I think the right thing to do is to just fix
> this in the compiler and everyone wins.  I'm not suggesting that there
> won't be added work to fix problems, but I believe that for Debian the
> benefits now out-weigh the risks.

Agreed. The freeze is months away, there's plenty of time to deal
with the potential fallout of enabling this, so let's just do it.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Reply to:

References:
- Switch on compiler hardening defaults
  - From: Kees Cook <kees@debian.org>

Prev by Date: Re: Packages relying on HOME when building
Next by Date: Re: unused parameters passed to maintainer scripts
Previous by thread: Re: Switch on compiler hardening defaults
Next by thread: Re: Switch on compiler hardening defaults
Index(es):
- Date
- Thread