--- wikisrc/pkgsrc/hardening.mdwn 2016/03/17 03:14:51 1.3 +++ wikisrc/pkgsrc/hardening.mdwn 2016/03/17 03:19:17 1.4 @@ -53,6 +53,24 @@ scenarios are essentially possible: * actual bug in the program crashing, exposed thanks to ASLR/mprotect; * bug in the implementation of ASLR/mprotect in the Operating System. +## Problems with `PKGSRC_USE_FORTIFY` + +### Packages failing to build + +This feature makes use of pre-processing directives to look for hardened, +alternative implementations of essential library calls. Some programs may fail +to build as a result; this usually happens for those trying too hard to be +portable, or otherwise abusing definitions in the standard library. + +This will require a modification to the program, or disabling this feature for +part or all of the build. + +### Run-time crashes + +Just like with `PKGSRC_MKPIE` above, this feature may cause some programs to +crash, usually indicating an actual bug in the program. The fix will typically +involve patching the original program. + ## Problems with `PKGSRC_USE_SSP` ### Packages failing to build @@ -70,7 +88,6 @@ for part or all of the build. ### Run-time crashes -Just like with `PKGSRC_MKPIE` above, this feature may cause some programs to -crash, usually indicating an actual bug in the program. The fix will typically -involve patching the original program. +Again, this feature may cause some programs to crash, usually indicating an +actual bug in the program. Patching the original program is then required.