On Thursday 20 October 2011 04:47:14 Paweł Hajdan, Jr. wrote:
> I've noticed
> <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>, i.e.
> Debian is starting to make more and more hardening features default, at
> least for most packages.

seems a bit light on what actually is being used

random thoughts:
 - we've long defaulted to linking with relro
 - defaulting to bindnow is pretty much a no go for USE=-hardened
 - building everything as PIC/PIE comes with a performance penalty for some architectures (e.g. x86), and is often the source of build issues with the hardened port
 - we've long defaulted to building with _FORTIFY_SOURCE
 - i'd need to see actual overhead data with SSP to see about enabling it by default
-mike