tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Default hardening options

On Sat, Aug 14, 2021 at 02:45:17PM -0400, Greg Troxel wrote:
> nia <> writes:
> >>   Explain if turning on MKREPRO without also MKPIE and ALSR has any
> >>   negative security consequences?  (I am guessing no, because addreses
> >>   are already predicable and MKREPRO is about avoiding timestamps etc.)
> >
> > All MKREPRO does is remove references to WRKDIR in debug output.
> So given that we've already had discussion, any reason not to just do
> that right now?  In my view, if it's going to happen, earlier is better
> and less for people to patch to test.
> (Just slicing off that becuase it seems the most obvious.)

Yeah, we could, but I also don't see as much of an advantage
compared to the other knobs. We don't get any immediate benefit
to pkgsrc's security.

Home | Main Index | Thread Index | Old Index