[PATCH] Security hardening compiler and linker flags
David Jorm
djorm at corp.iixpeering.net
Wed Mar 4 08:51:07 CET 2015
On 02/27/2015 08:55 PM, Marco d'Itri wrote:
> On Feb 27, David Jorm <djorm at corp.iixpeering.net> wrote:
>
>> The attached patch adds security hardening compiler and linker flags. These
>> flags are only applied if --enable-secflags is on, and I've made
>> --enable-secflags on by default. I totally understand if the maintainers may
>> prefer for it to be off by default, at least initially.
> The warnings are OK, but while the hardening options actually match what
> Debian uses, distributions tipically want to explicitly set them
> themselves using the defaults of their own build infrastructure (because
> in the future they may want to do mass rebuilds with different flags).
>
Thanks for the feedback, Marco. I was thinking that distributions could
override these flags by setting --enable-secflags off if they wanted to.
If that is insufficient, then I would have no problem re-spinning the
patch to set --enable-secflags off by default.
Thanks
David
More information about the Bird-users
mailing list