
Re: Switch on compiler hardening defaults



["Followup-To:" header set to gmane.linux.debian.devel.general.]
On 2009-11-05, Kees Cook <kees@debian.org> wrote:
>> The majority of distributions does turn on these options during
>> package build time, which IMO is the right thing to do. Debian
>> should do the same. There's now Raphael's new framework in place
>> which makes the injection of macros in dpkg-buildpackage in the
>> environment obsolete.
>
> This would certainly be better than nothing, and better than the
> hardening-wrapper package, but it would require that every package in
> Debian be modified to respect external environments.  Also, I think
> having the compiler itself be hardened is the bigger win.

If doko feels uncomfortable with applying the patches, we should use
the dpkg-buildpackage way (which I'm technically fine with). It also
has the nice side effect that we get a central place where we can
opt out architectures which don't implement a specific hardening feature.
It also allows maintainers to specifically opt out in cases where they
feel the overhead to be unacceptably high (e.g., a number-crunching
math application).

> Out of curiosity, where can I and others find the documentation for the
> dpkg-buildpackage environment framework?  We should immediately add the
> hardening options to it now for the packages that it will work on.

See dpkg-buildpackage(1) in the section "ENVIRONMENT VARIABLES"

What flags do you intend to enable?  -Wformat, -Wformat-security, 
-D_FORTIFY_SOURCE=2 and -fstack-protector ?

Could you file a bug against dpkg-dev?

Cheers, 
        Moritz
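
The flag set Moritz lists (-Wformat, -Wformat-security, -D_FORTIFY_SOURCE=2,
-fstack-protector) and the two deployment routes the thread weighs (inject
the flags centrally into the build environment, or ship a compiler that
turns them on by default) can both be exercised with a small script. The
following is an added example, not code from this mail, from dpkg or from
Debian: it assumes a POSIX shell and a GCC-compatible compiler reachable as
$CC or cc, and it relies on GCC's predefined macros __SSP__, __SSP_ALL__
and __SSP_STRONG__ (one of which is set whenever a -fstack-protector variant
is active) and on `gcc -Q --help=warnings` listing -Wformat-security as
[enabled] or [disabled]. The function names are my own.

```sh
#!/bin/sh
# Added example (not from the thread or from dpkg-dev).
# 1. hardening_cflags: append the proposed hardening flags to whatever CFLAGS
#    the environment already exports, without duplicating a flag a package
#    already sets itself. This is the "central place" approach from the mail.
# 2. probe_default_hardening: ask the compiler itself which of these
#    protections it already applies with no flags, which is what "a hardened
#    compiler" would mean in practice.

HARDENING_CFLAGS="-Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fstack-protector"

# Print $1 (the current CFLAGS) with each hardening flag appended once.
# Note: _FORTIFY_SOURCE only has an effect when optimizing (-O1 or higher),
# so the caller's CFLAGS should still carry e.g. -O2.
hardening_cflags() {
    result="$1"
    for flag in $HARDENING_CFLAGS; do
        case " $result " in
            *" $flag "*) ;;                            # already present, keep once
            *) result="${result:+$result }$flag" ;;    # append, spacing aware
        esac
    done
    printf '%s\n' "$result"
}

# Report the compiler's default state of each protection, one "name=state"
# line per feature. Extra arguments are passed to the compiler so you can
# probe with the distribution's usual flags, e.g. probe_default_hardening -O2.
# Prints "compiler=missing" if no compiler is on PATH, so that an absent
# toolchain is distinguishable from "everything off".
probe_default_hardening() {
    cc="${CC:-cc}"
    if ! command -v "$cc" >/dev/null 2>&1; then
        echo "compiler=missing"
        return 0
    fi

    # Predefined macros reveal -fstack-protector* (GCC defines exactly one
    # of __SSP__, __SSP_ALL__, __SSP_STRONG__) and a spec-injected
    # _FORTIFY_SOURCE level.
    macros=$("$cc" -dM -E "$@" - </dev/null 2>/dev/null) || { echo "compiler=error"; return 0; }
    case "$macros" in
        *"__SSP_ALL__"*)    echo "stack-protector=all" ;;
        *"__SSP_STRONG__"*) echo "stack-protector=strong" ;;
        *"__SSP__"*)        echo "stack-protector=on" ;;
        *)                  echo "stack-protector=off" ;;
    esac
    case "$macros" in
        *"_FORTIFY_SOURCE 2"*) echo "fortify-source=2" ;;
        *"_FORTIFY_SOURCE 1"*) echo "fortify-source=1" ;;
        *)                     echo "fortify-source=off" ;;
    esac

    # -Wformat-security leaves no macro trace; GCC's warning table shows
    # whether it is on by default (assumption: the [enabled]/[disabled] format).
    if "$cc" -Q --help=warnings "$@" 2>/dev/null \
         | grep -q -- '-Wformat-security[[:space:]]*\[enabled\]'; then
        echo "format-security=on"
    else
        echo "format-security=off-or-unknown"
    fi
}

# Stand-alone usage: show the composed flags and the compiler's defaults.
echo "CFLAGS would become: $(hardening_cflags "${CFLAGS:-"-g -O2"}")"
probe_default_hardening -O2
```

Running the probe on a toolchain that has been patched to turn the flags on
by default should print stack-protector=on (or stronger) and
fortify-source=2; on a stock toolchain it prints the "off" states, which is
exactly the gap the dpkg-buildpackage environment route is meant to close
for packages that honour CFLAGS.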

