[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Default hardening options
On Sat, Aug 14, 2021 at 02:45:17PM -0400, Greg Troxel wrote:
> nia <nia%NetBSD.org@localhost> writes:
> >> Explain if turning on MKREPRO without also MKPIE and ALSR has any
> >> negative security consequences? (I am guessing no, because addreses
> >> are already predicable and MKREPRO is about avoiding timestamps etc.)
> > All MKREPRO does is remove references to WRKDIR in debug output.
> So given that we've already had discussion, any reason not to just do
> that right now? In my view, if it's going to happen, earlier is better
> and less for people to patch to test.
> (Just slicing off that becuase it seems the most obvious.)
Yeah, we could, but I also don't see as much of an advantage
compared to the other knobs. We don't get any immediate benefit
to pkgsrc's security.
Main Index |
Thread Index |