tech-pkg archive


Re: Default hardening options



On Sat, Aug 14, 2021 at 02:45:17PM -0400, Greg Troxel wrote:
> 
> nia <nia%NetBSD.org@localhost> writes:
> 
> >>   Explain if turning on MKREPRO without also MKPIE and ASLR has any
> >>   negative security consequences?  (I am guessing no, because addresses
> >>   are already predictable and MKREPRO is about avoiding timestamps etc.)
> >
> > All MKREPRO does is remove references to WRKDIR in debug output.
> 
> So given that we've already had discussion, any reason not to just do
> that right now?  In my view, if it's going to happen, earlier is better
> and less for people to patch to test.
> 
> (Just slicing off that because it seems the most obvious.)

Yeah, we could, but I also don't see as much of an advantage
compared to the other knobs. We don't get any immediate benefit
to pkgsrc's security.

