Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.33 and 1.34

version 1.33, 2017/11/07 02:37:43 version 1.34, 2017/11/07 02:38:59
Line 44  the meantime. This can happen in case of Line 44  the meantime. This can happen in case of
 and therefore exposing these bugs.  and therefore exposing these bugs.
   
 Different mitigation levels are available:  Different mitigation levels are available:
   
 * the default ("yes"), which will only protect functions considered vulnerable  * the default ("yes"), which will only protect functions considered vulnerable
   by the compiler;    by the compiler;
 * "all", which will protect every function;  * "all", which will protect every function;
Line 56  for unsafe programming languages, such a Line 57  for unsafe programming languages, such a
 It is enabled by default where known supported since pkgsrc-2017Q3.  It is enabled by default where known supported since pkgsrc-2017Q3.
   
 More details can be found here:  More details can be found here:
   
 * <https://en.wikipedia.org/wiki/Buffer_overflow_protection>  * <https://en.wikipedia.org/wiki/Buffer_overflow_protection>
   
 ## Enabled by default in pkgsrc HEAD  ## Enabled by default in pkgsrc HEAD
Line 82  This also makes the exploitation of some Line 84  This also makes the exploitation of some
 difficult in some cases.  difficult in some cases.
   
 Two different mitigation levels are available:  Two different mitigation levels are available:
   
 * partial: the ELF sections are reordered so that internal data sections  * partial: the ELF sections are reordered so that internal data sections
   precede the program's own data sections, and non-PLT GOT is read-only;    precede the program's own data sections, and non-PLT GOT is read-only;
 * full: in addition to partial RELRO, every relocation is performed immediately  * full: in addition to partial RELRO, every relocation is performed immediately
Line 92  This is currently supported by GCC. Many Line 95  This is currently supported by GCC. Many
 feature by default, at the "partial" level.  feature by default, at the "partial" level.
   
 More details can be found here:  More details can be found here:
   
 * <http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html>  * <http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html>
   
 ### PKGSRC_USE_STACK_CHECK  ### PKGSRC_USE_STACK_CHECK

Removed from v.1.33  
changed lines
  Added in v.1.34


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb