Re: hardening

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: hardening

From:	Joshua Branson
Subject:	Re: hardening
Date:	Mon, 29 Jan 2018 11:21:33 -0800

Is this something anyone can start using now?  Like I can modify my config.scm 
file somehow and start enjoying a hardened guix?

On Mon, Jan 29, 2018, at 4:44 AM, address@hidden wrote:
> Hi,
> 
> as we've long talked and not really taken action on hardening builds
> I've started working on an opt-in way as last discussed in
> september 2016, modifying the gnu-build-system with a
> #:hardening-flags keyword.
> 
> For my testing purposes I will use
> 
> > CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" 
> > LDFLAGS="-Wl,-z,now -Wl,-z,relro"
> 
> which is used by Gentoo, but adjustments (wether to opt-in or
> opt-out) will be made.
> -- 
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
>

[Prev in Thread]

Current Thread

[Next in Thread]

hardening, ng0, 2018/01/29
- Re: hardening, Joshua Branson <=
  - Re: hardening, ng0, 2018/01/29
- Re: hardening, Alex Vong, 2018/01/31

Prev by Date: Re: Errors encountered in building guix from source.
Next by Date: Re: hardening
Previous by thread: hardening
Next by thread: Re: hardening
Index(es):
- Date
- Thread