[PATCH] Security hardening compiler and linker flags

Stefan Jakob tinysammy at gmail.com
Thu Mar 5 17:13:33 CET 2015


 David Jorm <djorm at corp.iixpeering.net> schrieb am Mi., 04.03.2015, 8:54:


On 02/27/2015 08:55 PM, Marco d'Itri wrote:
> On Feb 27, David Jorm <djorm at corp.iixpeering.net> wrote:
>
>> The attached patch adds security hardening compiler and linker flags.
These
>> flags are only applied if --enable-secflags is on, and I've made
>> --enable-secflags on by default. I totally understand if the maintainers
may
>> prefer for it to be off by default, at least initially.
> The warnings are OK, but while the hardening options actually match what
> Debian uses, distributions tipically want to explicitly set them
> themselves using the defaults of their own build infrastructure (because
> in the future they may want to do mass rebuilds with different flags).
>

Thanks for the feedback, Marco. I was thinking that distributions could
override these flags by setting --enable-secflags off if they wanted to.
If that is insufficient, then I would have no problem re-spinning the
patch to set --enable-secflags off by default.


+1

Flags should be available but disabled by default at this state, imho, ymmv

Thx for the patch David!

Rgds, Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20150305/137ade24/attachment.html>


More information about the Bird-users mailing list