Re: hardening
From: ng0
Subject: Re: hardening
Date: Mon, 29 Jan 2018 20:55:45 +0000
Hi,
On Mon, 29 Jan 2018, Joshua Branson <address@hidden> wrote:
> Is this something anyone can start using now? Like I can modify my
> config.scm file somehow and start enjoying a hardened guix?
Sorry to disappoint you, I'd like to have it usable also right
now :) But: no. This takes some time and testing. I'll send
patches as soon as I have something to go with, today I only had
breakage on the bootstrap level ;)
> On Mon, Jan 29, 2018, at 4:44 AM, address@hidden wrote:
>> Hi,
>>
>> as we've long talked and not really taken action on hardening builds
>> I've started working on an opt-in way as last discussed in
>> September 2016, modifying the gnu-build-system with a
>> #:hardening-flags keyword.
>>
>> For my testing purposes I will use
>>
>> > CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2"
>> > LDFLAGS="-Wl,-z,now -Wl,-z,relro"
>>
>> which is used by Gentoo, but adjustments (whether to opt-in or
>> opt-out) will be made.
>> --
>> ng0 :: https://ea.n0.is
>> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
>>
>
>
--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/