--- wikisrc/pkgsrc/hardening.mdwn 2017/11/07 02:37:43 1.33 +++ wikisrc/pkgsrc/hardening.mdwn 2017/11/07 02:38:59 1.34 @@ -44,6 +44,7 @@ the meantime. This can happen in case of and therefore exposing these bugs. Different mitigation levels are available: + * the default ("yes"), which will only protect functions considered vulnerable by the compiler; * "all", which will protect every function; @@ -56,6 +57,7 @@ for unsafe programming languages, such a It is enabled by default where known supported since pkgsrc-2017Q3. More details can be found here: + * ## Enabled by default in pkgsrc HEAD @@ -82,6 +84,7 @@ This also makes the exploitation of some difficult in some cases. Two different mitigation levels are available: + * partial: the ELF sections are reordered so that internal data sections precede the program's own data sections, and non-PLT GOT is read-only; * full: in addition to partial RELRO, every relocation is performed immediately @@ -92,6 +95,7 @@ This is currently supported by GCC. Many feature by default, at the "partial" level. More details can be found here: + * ### PKGSRC_USE_STACK_CHECK