Bug#484371: krb5: Please consider enabling some hardening features

2008-06-04 Thread Sam Hartman
What does -D_FORTIFY_SOURCE=2 actually do?
I'll definitely look into stack protection.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#484371: krb5: Please consider enabling some hardening features

2008-06-03 Thread Moritz Muehlenhoff
Package: krb5
Severity: wishlist

Please consider enabling -fstack-protector and -D_FORTIFY_SOURCE=2
for krb5. There'll be a minor performance penalty (which I
haven't measured myself, though), but for a security-sensitive
package like krb5 the trade-off would be acceptable IMHO.

Please see the package hardening-wrapper for easy testing and
the README.Debian included within.

AFAIK the stack protector doesn't work reliably on mips, hppa, 
arm, armel, ia64 and alpha. I'm not sure about mipsel, sparc and
s390, so maybe it should be limited to i386 and amd64 for now.

Cheers,
Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
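
An added illustration for the question in this thread about what -D_FORTIFY_SOURCE=2 does; it is not part of either message and is not krb5 or glibc code. With optimization enabled, glibc's headers route calls such as strcpy() to checked variants (for example __strcpy_chk) that receive the destination size the compiler computed with __builtin_object_size() and abort the process on overflow. The sketch below models that check but returns -1 instead of aborting; checked_strcpy, FORTIFIED_STRCPY, set_name and struct principal are hypothetical names chosen for the example.

```c
/* Added illustration: models the check that _FORTIFY_SOURCE inserts.
 * checked_strcpy() and FORTIFIED_STRCPY() are hypothetical, not glibc API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value __builtin_object_size() yields when the size cannot be determined. */
#define SIZE_UNKNOWN ((size_t)-1)

/* Stand-in for a checked copy: succeed only if src fits in dst_size bytes.
 * Returns 0 on success, -1 where the real routine would abort the process. */
static int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;          /* include the NUL terminator */
    if (dst_size != SIZE_UNKNOWN && need > dst_size)
        return -1;                          /* overflow detected, nothing written */
    memcpy(dst, src, need);                 /* unknown size: unchecked, like plain strcpy */
    return 0;
}

/* The compiler supplies the destination size at the call site. Mode 1
 * (closest enclosing subobject) is what level 2 uses for string functions;
 * level 1 uses mode 0, which would report the rest of the whole struct. */
#define FORTIFIED_STRCPY(dst, src) \
    checked_strcpy((dst), __builtin_object_size((dst), 1), (src))

struct principal { char name[8]; char realm[8]; };  /* constructed sample type */

/* Returns 0 if the name was stored, -1 if the copy was refused. */
static int set_name(struct principal *p, const char *name)
{
    return FORTIFIED_STRCPY(p->name, name);
}

int main(void)
{
    struct principal p = { "", "EXAMPLE" };
    printf("short name: %d\n", set_name(&p, "alice"));
    /* Refused only if the compiler could size p->name; otherwise the copy
     * runs unchecked and spills into p.realm (still inside the struct). */
    printf("long name:  %d\n", set_name(&p, "averylongname"));
    printf("realm now:  %s\n", p.realm);
    return 0;
}
```

The check only exists where the compiler can determine the destination size, which is why the real feature takes effect only in optimized builds and leaves copies into buffers of unknown size unchecked.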


