Re: Switch on compiler hardening defaults

[Christoph Anton Mitterer <calestyo@scientia.net>]

On Tue, 2009-10-27 at 15:48 +0800, Paul Wise wrote:
> http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines
> http://kernel-handbook.alioth.debian.org/ch-source.html#s-acceptance
The thing is,..
A patch like PaX would (IMHO) improve security a lot,... and it would be
worth thinking for a distribution, whether to take this burden and to
manually maintain it...

Apart from that,.. if something like PaX is used in a mainline distro,
it could get a development boost and perhaps be even included in the
vanilla tree at some time.


As PaX needs PIC as far as I remember, this decision would have to be
made at a global level for the distribution anyway, as everything would
have to be compiled with PIC.


Cheers,
Chris.