Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.1 and 1.2

version 1.1, 2016/03/17 02:45:18 version 1.2, 2016/03/17 03:05:59
Line 14  in `mk.conf`, and consist of: Line 14  in `mk.conf`, and consist of:
 * `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported  * `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported
   platforms)    platforms)
   
   # Caveats
   
   ## Problems with `PKGSRC_MKPIE`
   
   ### No support for cwrappers
   
   As of the time of this article `PKGSRC_MKPIE` is not supported by
   `pkgtools/cwrappers` (`USE_CWRAPPERS` in `mk.conf`).
   
   ### Packages failing to build
   
   A number of packages may fail to build with this option enabled. The failures
   are often related to the absence of the "-fPIC" compilation flag when building
   libraries or executables (or ideally "-fPIE" in the latter case). This flag is
   added to the `CFLAGS` already, but requires the package to actually support it.
   
   #### How to fix
   
   These instructions are meant as a reference only; they likely need to be adapted
   for many packages individually.
   
   For packages using `Makefiles`:
   
       MAKE_FLAGS+=        CFLAGS=${CFLAGS:Q}
       MAKE_FLAGS+=        LDFLAGS=${LDFLAGS:Q}
   
   For packages using `Imakefiles`:
   
       MAKE_FLAGS+=        CCOPTIONS=${CFLAGS:Q}
       MAKE_FLAGS+=        LOCAL_LDFLAGS=${LDFLAGS:Q}
   
   ### Run-time crashes
   
   Some programs may fail to run, or crash at random times once built as PIE. Two
   scenarios are essentially possible:
   
   * actual bug in the program crashing, exposed thanks to ASLR/mprotect;
   * bug in the implementation of ASLR/mprotect in the Operating System.
   

Removed from v.1.1  
changed lines
  Added in v.1.2


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb