Re: Bug#552688: Please decide how Debian should enable hardening build flags
Hi,
On 25/01/2011 00:05, Kees Cook wrote:
> On Mon, Jan 24, 2011 at 01:26:00PM -0800, Don Armstrong wrote:
>> 4) What solution would you enact if the CTTE were to have hardening be
>> on by default for all Debian packages, but disabled by default for the
>> compiler as shipped?
>
> One of the options would be to use hardening-wrapper with a config file
> on the buildds. The wrapper already reads /etc/hardening-wrapper.conf,
> so that DEB_BUILD_HARDENING=1 can be set globally. If the wrapper were
> part of build-essential or pre-installed in the buildd chroots and the
> buildds had this turned on (probably with DEB_BUILD_HARDENING_PIE=0
> for archs that had low general register counts like ia32), the entire
> archive would be built with hardening without any changes to the compiler.
>
> I suspect some people will utterly hate this idea, though, but it will
> work. Though the global defaults can even be explicitly disabled in a
> build (debian/rules exporting DEB_BUILD_HARDENING=0, or some subset,
> for example) if there were packages with specific issues.
As a teacher, I (most exactly my students) found find extremely annoying
that re-running a program does not lead to the exact same execution (and
in-memory layout so that memory corruption are more easily found when the
program is restarted under gdb).
So, it seems to me important that it is, at least, easy to disable
hardening (at least the parts that introduce some randomness) by default
in the compiler when the admin (or the user) wants it.
Regards,
Vincent
> -Kees
--
Vincent Danjean GPG key ID 0x9D025E87 vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://people.debian.org/~vdanjean/debian unstable main
Reply to: