Re: Building perl and XS modules with hardening flags

To: debian-perl@lists.debian.org
Subject: Re: Building perl and XS modules with hardening flags
From: Jonathan Yu <jawnsy@cpan.org>
Date: Sat, 14 May 2011 08:01:32 -0400
Message-id: <[🔎] BANLkTik_X3_iZuBBPPTZNPmT7ra11XSuFg@mail.gmail.com>
In-reply-to: <[🔎] 87pqnm2r5f.fsf@marvin.43-1.org>
References: <[🔎] 87pqnm2r5f.fsf@marvin.43-1.org>

On Fri, May 13, 2011 at 6:05 PM, Ansgar Burchardt <ansgar@debian.org> wrote:
> I was wondering if it would make sense to build perl with hardening
> flags.  This would it make harder to use bugs in the interpreter or the
> XS modules to compromise a system.  It looks like Ubuntu already does
> this by default for all packages[1], so breakage should be limited.

I am very much for this change, particularly since Ubuntu happens to
be using this to great effect. As long as we are cautious and make
sure everything builds/tests pass with the new configuration, then I
don't think there should be any reason why we don't do this.

> If deemed useful, we could try enabling them in perl 5.14 as I assume
> this will get some more testing in experimental.

Sounds like you have this plan all figured out :)

Cheers,

Jonathan

Reply to:

References:
- Building perl and XS modules with hardening flags
  - From: Ansgar Burchardt <ansgar@debian.org>

Prev by Date: Building perl and XS modules with hardening flags
Next by Date: Dual-lived modules with scripts
Previous by thread: Building perl and XS modules with hardening flags
Next by thread: Re: Building perl and XS modules with hardening flags
Index(es):
- Date
- Thread