[[!meta title="Hardening pkgsrc"]]
[pkgsrc](http://www.pkgsrc.org/) supports a number of mechanisms that are meant
to improve the security of compiled binaries. They can be individually enabled
in `mk.conf`, and consist of:
* `PKGSRC_MKPIE`: forces the creation of PIE (Position Independent
Executables) when supported on the current platform. This option is necessary
to fully leverage ASLR as a mitigation for security vulnerabilities.
* `PKGSRC_USE_FORTIFY`: allows substitute wrappers to be used for commonly used
functions that do not bounds checking regularly - but could in some cases.
* `PKGSRC_USE_RELRO`: this also makes the exploitation of some security
vulnerabilities more difficult in some cases.
* `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported
platforms)
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb
![[BACK]](/icons/back.gif){kind=icon}
Return to hardening.mdwn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [NetBSD Developer Wiki] / wikisrc / pkgsrc