
Re: state of security hardening build flag efforts



On Sun, Apr 1, 2012 at 3:49 PM, Kees Cook wrote:

> This is very exciting! It was only a short time ago when just a handful
> of packages were building with hardening options. Now we're almost to 20%
> on stack-protector. :) Thank you everyone for your great work!

Very nice, thanks for pushing it!

> I'm going to work on getting this graphed daily, like the debhelper
> statistics[3].

If you do, please add that to the statistics wiki page:

http://wiki.debian.org/Statistics

BTW:

Under what circumstances do you think GCC upstream should be enabling
these options by default (as several distributions other than Debian
do)?

Do you have any stats about where packages had to avoid enabling these options?

Do you feel the frequency of that is low enough to enable these
options by default (in upstream or in distros)?

If you think that enabling them by default in GCC upstream is doable,
what kind of blockers and timeframe would we expect for that?

I would personally like binaries not built by debian/rules but built
on Debian systems to be hardened by default.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

