Re: Switch on compiler hardening defaults
["Followup-To:" header set to gmane.linux.debian.devel.general.]
On 2009-11-05, Kees Cook <kees@debian.org> wrote:
>> The majority of distributions does turn on these options during
>> package build time, which IMO is the right thing to do. Debian
>> should do the same. There's now Raphael's new framework in place
>> which makes the injection of macros in dpkg-buildpackage in the
>> environment obsolete.
>
> This would certainly be better than nothing, and better than the
> hardening-wrapper package, but it would require that every package in
> Debian be modified to respect external environments. Also, I think
> having the compiler itself be hardened is the bigger win.
If doko feels uncomfortable with applying the patches, we should use
the dpkg-buildpackage way (which I'm technically fine with). It also
has the nice side effect that we get a central place where we can
opt out architectures which don't implement a specific hardening feature.
It also allows maintainers to specifically opt out in cases where they
feel the overhead to be unacceptably high (e.g., a number-crunching
math application).
> Out of curiosity, where can I and others find the documentation for the
> dpkg-buildpackage environment framework? We should immediately add the
> hardening options to it now for the packages that it will work on.
See dpkg-buildpackage(1) in the section "ENVIRONMENT VARIABLES".
What flags do you intend to enable? -Wformat, -Wformat-security,
-D_FORTIFY_SOURCE=2 and -fstack-protector ?
Could you file a bug against dpkg-dev?
Cheers,
Moritz
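As an added illustration of the central opt-out scheme described above (example code, not dpkg's own and not from the thread): a small POSIX sh model in which the flags named in the message are grouped by feature, a constructed per-architecture table drops features the toolchain is assumed to lack there, and a maintainer opt-out list removes the rest. The architecture entries and the feature names are assumptions.

```sh
#!/bin/sh
# Hypothetical model (not dpkg's code) of the "central place" from the
# message: a default flag set, a per-architecture exclusion table for
# features the toolchain does not implement, and a maintainer opt-out.

# Flags named in the message, grouped by the hardening feature they enable.
feature_flags() {
    case "$1" in
        format)         echo "-Wformat -Wformat-security" ;;
        fortify)        echo "-D_FORTIFY_SOURCE=2" ;;
        stackprotector) echo "-fstack-protector" ;;
    esac
}
FEATURES="format fortify stackprotector"

# Constructed table (assumption): architectures lacking a working feature.
# A real table would be filled from toolchain testing on each port.
# Usage: arch_lacks ARCH FEATURE; returns 0 if FEATURE is unavailable.
arch_lacks() {
    case "$2/$1" in
        stackprotector/hppa|stackprotector/ia64) return 0 ;;
    esac
    return 1
}

# in_list ITEM "space separated list": returns 0 if ITEM is in the list.
in_list() {
    for item in $2; do [ "$item" = "$1" ] && return 0; done
    return 1
}

# hardening_cflags ARCH OPTOUT: print the CFLAGS to inject for a build.
# ARCH is the Debian architecture name; OPTOUT lists features the
# maintainer disables, e.g. "stackprotector" for a number-crunching package.
hardening_cflags() {
    arch=$1; optout=$2; out=""
    for f in $FEATURES; do
        if in_list "$f" "$optout"; then continue; fi   # maintainer opt-out
        if arch_lacks "$arch" "$f"; then continue; fi   # port lacks feature
        out="$out $(feature_flags "$f")"
    done
    printf '%s\n' "${out# }"
}

# Stand-alone demonstration of the three cases.
hardening_cflags amd64 ""
hardening_cflags hppa ""
hardening_cflags amd64 "stackprotector fortify"
```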