Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.35 and 1.36

version 1.35, 2017/11/12 14:59:14 version 1.36, 2017/11/12 15:02:00
Line 66  More details can be found here: Line 66  More details can be found here:
   
 ### PKGSRC_MKPIE  ### PKGSRC_MKPIE
   
 This requests the the creation of PIE (Position Independent  This requests the creation of PIE (Position Independent Executables) for all
 Executables) for all executables. The PIE mechanism is normally used  executables. The PIE mechanism is normally used for shared libraries so that
 for shared libraries so that they can be loaded at differing addresses  they can be loaded at differing addresses at runtime. PIE itself does not have
 at runtime. PIE itself does not have useful security properties.  useful security properties.  However, some operating systems support Address
 However, some operating systems support Address Space Layout  Space Layout Randomization (ASLR), which causes different addresses to be used
 Randomization (ASLR), which causes different addresses to be used each  each time a program is run. This makes it more difficult for an attacker to
 time a program is run. This makes it more difficult for an attacker  guess addresses and thus makes exploits harder to construct.
 to guess addresses and thus makes exploits harder to construct.  
   
 PIE executables will only be built for toolchains that are known to support PIE.  PIE executables will only be built for toolchains that are known to support PIE.
 Currently, this means NetBSD on amd64 and i386.  Currently, this means NetBSD on amd64 and i386.

Removed from v.1.35  
changed lines
  Added in v.1.36


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb