Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.1 and 1.49

version 1.1, 2016/03/17 02:45:18 version 1.49, 2021/10/02 14:48:27
Line 1 Line 1
 [[!meta title="Hardening pkgsrc"]]  This page has been moved to [the pkgsrc guide](//www.NetBSD.org/docs/pkgsrc/hardening.html).
 [pkgsrc](http://www.pkgsrc.org/) supports a number of mechanisms that are meant  
 to improve the security of compiled binaries. They can be individually enabled  
 in `mk.conf`, and consist of:  
 * `PKGSRC_MKPIE`: forces the creation of PIE (Position Independent  
   Executables) when supported on the current platform. This option is necessary  
   to fully leverage ASLR as a mitigation for security vulnerabilities.  
 * `PKGSRC_USE_FORTIFY`: allows substitute wrappers to be used for commonly used  
   functions that do not bounds checking regularly - but could in some cases.  
 * `PKGSRC_USE_RELRO`: this also makes the exploitation of some security  
   vulnerabilities more difficult in some cases.  
 * `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported  

Removed from v.1.1  
changed lines
  Added in v.1.49

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb