Gentoo Archives: gentoo-dev

From: Mike Frysinger <vapier@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Moving more hardening features to default?
Date: Thu, 20 Oct 2011 12:56:13
In Reply to: [gentoo-dev] Moving more hardening features to default? by "Paweł Hajdan
1 On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote:
2 > I've noticed
3 > <>, i.e.
4 > Debian is starting to make more and more hardening features default, at
5 > least for most packages.
7 seems a bit light on what actually is being used
9 random thoughts:
10 - we've long defaulted to linking with relro
11 - defaulting to bindnow is pretty much a no go for USE=-hardened
12 - building everything as PIC/PIE comes with performance penalty for some
13 architectures (e.g. x86), and is often the source of build issues with the
14 hardened port
15 - we've long defaulted to building with _FORTIFY_SOURCE
16 - i'd need to see actual overhead data with SSP to see about enabling it by
17 default
18 -mike


File name MIME type
signature.asc application/pgp-signature


Subject Author
[gentoo-dev] Re: Moving more hardening features to default? Duncan <1i5t5.duncan@×××.net>