tech-pkg archive


Re: Improving security for pkgsrc



On Sat, Jul 18, 2015 at 06:38:09PM +0200, Pierre Pronchery wrote:
> 1. Building with stack smashing protection: (SSP)
> 
>   +_GCC_CFLAGS+=  -fstack-protector
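
Review bot: -fstack-protector on this line only instruments functions
that have a character array above the size threshold (8 bytes by
default) or that call alloca(), so most functions get no canary.
Consider -fstack-protector-strong where the compiler has it (GCC 4.9
and later), and make the protection level a user-settable option
rather than a fixed append to _GCC_CFLAGS.
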
> 
> This one is already described in NetBSD's build process; for a minor
> performance penalty, the compiler will have a canary checked to be
> present unmodified on the stack, thereby helping with the mitigation
> of stack-based buffer overflows.

It has been shown to be pretty weak in practice, so YMMV.

> 2. Building position-independent code:
> 
>   +_GCC_CFLAGS+=  -fPIC
>   +_GCC_LDFLAGS+= -Wl,-pie
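
Review bot: the -fPIC / -Wl,-pie pair mixes the shared-library compile
flag with a linker-only switch. For position-independent executables,
compile with -fPIE and pass -pie to the compiler driver rather than
through -Wl, so the driver also selects the PIE startup files. Nothing
in these two lines keeps -pie away from links that produce shared
libraries, so that case needs an explicit exclusion.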

This is not the correct way to create position independent binaries.

> 3. Linking with RELRO by default:
> 
>   +_GCC_LDFLAGS+= -Wl,-z,relro
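
Review bot: -Wl,-z,relro by itself gives partial RELRO only: with lazy
binding the PLT part of the GOT stays writable after startup. Say
whether -Wl,-z,now is intended as well (it moves all symbol resolution
to load time), and gate the flag on a linker and run-time loader that
honour PT_GNU_RELRO, which this line does not check.
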
> 
> I am less familiar with this one, which OpenBSD has been advocating
> for a while now:
> http://undeadly.org/cgi?action=article&sid=20030126143902
> (and in some slides from Theo)

This one has major performance implementations and requires support from
the system for proper behavior.

> This commit adds all those flags to CFLAGS and LDFLAGS, iff building
> on NetBSD with gcc. It enables all three improvements by default as-is
> (on this platform only). This is one reason it is not suitable for
> inclusion yet, and I will welcome help to achieve it.

Please do not merge this. While (1) might be reasonable, the rest is
not acceptable.

Joerg
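
One way to check what the three flag groups discussed above actually
produced in a built binary, as an added example that is not part of the
original message or of pkgsrc. It assumes little-endian ELF64; the names
hardening and sample_elf and the sample image are constructed for
illustration.

```python
import struct

PT_DYNAMIC, PT_INTERP, PT_GNU_RELRO = 2, 3, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
ET_DYN, DF_BIND_NOW, DF_1_NOW = 3, 0x8, 0x1

def hardening(elf: bytes) -> dict:
    """Report PIE / RELRO / SSP evidence for a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 is handled here")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    ptypes, bind_now = set(), False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        ptypes.add(p_type)
        if p_type != PT_DYNAMIC:
            continue
        for off in range(p_offset, p_offset + p_filesz, 16):  # dynamic table
            tag, val = struct.unpack_from("<qQ", elf, off)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bind_now = True
    relro = "full" if bind_now else "partial"  # partial: lazy GOT stays writable
    return {
        # ET_DYN plus an interpreter separates a PIE from a shared library
        "pie": e_type == ET_DYN and PT_INTERP in ptypes,
        "relro": relro if PT_GNU_RELRO in ptypes else "none",
        # heuristic: SSP-instrumented code references this symbol by name
        "ssp": b"__stack_chk_fail" in elf,
    }

def sample_elf(e_type, ptypes, dyn, extra=b""):
    """Constructed minimal image: ELF header, program headers, dynamic table."""
    table = b"".join(struct.pack("<qQ", t, v) for t, v in dyn + [(DT_NULL, 0)])
    hdr = struct.pack("<6s10xHHIQQQIHHHHHH", b"\x7fELF\x02\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, 64 + 56 * len(ptypes), 0, 0,
                                 len(table), len(table), 8) for t in ptypes)
    return hdr + phdrs + table + extra

if __name__ == "__main__":
    built = sample_elf(ET_DYN, [PT_INTERP, PT_DYNAMIC, PT_GNU_RELRO],
                       [(DT_FLAGS, DF_BIND_NOW)], b"__stack_chk_fail\0")
    print(hardening(built))
```

On a real build, pass the file's bytes to hardening() instead of the
constructed image.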

