Annotation of wikisrc/pkgsrc/hardening.mdwn, revision 1.1
1.1 ! khorben 1: [[!meta title="Hardening pkgsrc"]]
! 3: [pkgsrc](http://www.pkgsrc.org/) supports a number of mechanisms that are meant
! 4: to improve the security of compiled binaries. They can be individually enabled
! 5: in `mk.conf`, and consist of:
! 7: * `PKGSRC_MKPIE`: forces the creation of PIE (Position Independent
! 8: Executables) when supported on the current platform. This option is necessary
! 9: to fully leverage ASLR as a mitigation for security vulnerabilities.
! 10: * `PKGSRC_USE_FORTIFY`: allows substitute wrappers to be used for commonly used
! 11: functions that do not bounds checking regularly - but could in some cases.
! 12: * `PKGSRC_USE_RELRO`: this also makes the exploitation of some security
! 13: vulnerabilities more difficult in some cases.
! 14: * `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported
! 15: platforms)
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb