[PATCH] Security hardening compiler and linker flags
Stefan Jakob
tinysammy at gmail.com
Thu Mar 5 17:13:33 CET 2015
David Jorm <djorm at corp.iixpeering.net> schrieb am Mi., 04.03.2015, 8:54:
On 02/27/2015 08:55 PM, Marco d'Itri wrote:
> On Feb 27, David Jorm <djorm at corp.iixpeering.net> wrote:
>
>> The attached patch adds security hardening compiler and linker flags.
These
>> flags are only applied if --enable-secflags is on, and I've made
>> --enable-secflags on by default. I totally understand if the maintainers
may
>> prefer for it to be off by default, at least initially.
> The warnings are OK, but while the hardening options actually match what
> Debian uses, distributions tipically want to explicitly set them
> themselves using the defaults of their own build infrastructure (because
> in the future they may want to do mass rebuilds with different flags).
>
Thanks for the feedback, Marco. I was thinking that distributions could
override these flags by setting --enable-secflags off if they wanted to.
If that is insufficient, then I would have no problem re-spinning the
patch to set --enable-secflags off by default.
+1
Flags should be available but disabled by default at this state, imho, ymmv
Thx for the patch David!
Rgds, Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20150305/137ade24/attachment.html>
More information about the Bird-users
mailing list