Re: Default hardening options

To: nia <nia%NetBSD.org@localhost>
Subject: Re: Default hardening options
From: Jonathan Perkin <jperkin%joyent.com@localhost>
Date: Wed, 4 Aug 2021 16:47:48 +0100

* On 2021-08-04 at 16:13 BST, nia wrote:

How do we feel about turning up the default hardening options?

It's probably worth clarifying whether you mean for all OS or justNetBSD. One consideration is that while I've also been enablingPKGSRC_USE_SSP=strong since 2016Q1 in my builds, it does add adependency on libssp at least on older illumos systems which cancomplicate how packages are distributed with GCC dependencies.

Obviously for relro and pie it'd need to only be done on OS where theyare supported.


--
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com

Follow-Ups:
- Re: Default hardening options
  - From: nia

References:
- Default hardening options
  - From: nia

Prev by Date: Default hardening options
Next by Date: Re: Default hardening options
Previous by Thread: Default hardening options
Next by Thread: Re: Default hardening options
Indexes:

Home | Main Index | Thread Index | Old Index