File:  [NetBSD Developer Wiki] / wikisrc / pkgsrc / hardening.mdwn
Revision 1.1: download - view: text, annotated - select for diffs
Thu Mar 17 02:45:18 2016 UTC (5 years, 10 months ago) by khorben
Branches: MAIN
CVS tags: HEAD
Begin a page on hardening pkgsrc

[[!meta title="Hardening pkgsrc"]]

[pkgsrc](http://www.pkgsrc.org/) supports a number of mechanisms that are meant
to improve the security of compiled binaries. They can be individually enabled
in `mk.conf`, and consist of:

* `PKGSRC_MKPIE`: forces the creation of PIE (Position Independent
  Executables) when supported on the current platform. This option is necessary
  to fully leverage ASLR as a mitigation for security vulnerabilities.
* `PKGSRC_USE_FORTIFY`: allows substitute wrappers to be used for commonly used
  functions that do not bounds checking regularly - but could in some cases.
* `PKGSRC_USE_RELRO`: this also makes the exploitation of some security
  vulnerabilities more difficult in some cases.
* `PKGSRC_USE_SSP`: enables stack-smashing protection (again, on supported
  platforms)


CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb