Re: Building perl and XS modules with hardening flags
On Fri, May 13, 2011 at 6:05 PM, Ansgar Burchardt <ansgar@debian.org> wrote:
> I was wondering if it would make sense to build perl with hardening
> flags. This would it make harder to use bugs in the interpreter or the
> XS modules to compromise a system. It looks like Ubuntu already does
> this by default for all packages[1], so breakage should be limited.
I am very much for this change, particularly since Ubuntu happens to
be using this to great effect. As long as we are cautious and make
sure everything builds/tests pass with the new configuration, then I
don't think there should be any reason why we don't do this.
> If deemed useful, we could try enabling them in perl 5.14 as I assume
> this will get some more testing in experimental.
Sounds like you have this plan all figured out :)
Cheers,
Jonathan
Reply to: