--- wikisrc/pkgsrc/hardening.mdwn 2017/11/07 02:14:50 1.29 +++ wikisrc/pkgsrc/hardening.mdwn 2017/11/07 02:18:46 1.30 @@ -43,6 +43,12 @@ check will fail and the program forcibly the meantime. This can happen in case of buffer overflows or memory corruption, and therefore exposing these bugs. +Different mitigation levels are available: +* the default ("yes"), which will only protect functions considered vulnerable + by the compiler; +* "all", which will protect every function; +* "strong", which will apply a better balance between the two settings above. + This mitigation is supported by both GCC and clang. It may be supported in additional compilers, possibly under a different name. It is particularly useful for unsafe programming languages, such as C/C++.