Diff for /wikisrc/pkgsrc/hardening.mdwn between versions 1.36 and 1.37

version 1.36, 2017/11/12 15:02:00 version 1.37, 2017/11/12 15:12:49
Line 67  More details can be found here: Line 67  More details can be found here:
 ### PKGSRC_MKPIE  ### PKGSRC_MKPIE
   
 This requests the creation of PIE (Position Independent Executables) for all  This requests the creation of PIE (Position Independent Executables) for all
 executables. The PIE mechanism is normally used for shared libraries so that  executables. The PIE mechanism is normally used for shared libraries, so that
 they can be loaded at differing addresses at runtime. PIE itself does not have  they can be loaded at differing addresses at runtime. PIE itself does not have
 useful security properties.  However, some operating systems support Address  useful security properties; however, it is necessary to fully leverage some,
 Space Layout Randomization (ASLR), which causes different addresses to be used  such as ASLR.  Some operating systems support Address Space Layout Randomization
 each time a program is run. This makes it more difficult for an attacker to  (ASLR), which causes different addresses to be used each time a program is run.
 guess addresses and thus makes exploits harder to construct.  This makes it more difficult for an attacker to guess addresses and thus makes
   exploits harder to construct. With PIE, ASLR can really be applied to the entire
   program, instead of the stack and heap only.
   
 PIE executables will only be built for toolchains that are known to support PIE.  PIE executables will only be built for toolchains that are known to support PIE.
 Currently, this means NetBSD on amd64 and i386.  Currently, this means NetBSD on amd64 and i386.

Removed from v.1.36  
changed lines
  Added in v.1.37


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb