hardening

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

hardening

From:	ng0
Subject:	hardening
Date:	Mon, 29 Jan 2018 12:44:09 +0000

Hi,

as we've long talked and not really taken action on hardening builds
I've started working on an opt-in way as last discussed in
september 2016, modifying the gnu-build-system with a
#:hardening-flags keyword.

For my testing purposes I will use

> CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" LDFLAGS="-Wl,-z,now 
> -Wl,-z,relro"

which is used by Gentoo, but adjustments (wether to opt-in or
opt-out) will be made.
-- 
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/

[Prev in Thread]

Current Thread

[Next in Thread]

hardening, ng0 <=
- Re: hardening, Joshua Branson, 2018/01/29
  - Re: hardening, ng0, 2018/01/29
- Re: hardening, Alex Vong, 2018/01/31

Prev by Date: Re: Call for project proposals: Guix and Outreachy
Next by Date: Re: 01/01: hydra: Work around import problem.
Previous by thread: Re: gcc-ddc
Next by thread: Re: hardening
Index(es):
- Date
- Thread