From: Dominic Hargreaves <dom <at> earth.li>
Subject: Building perl with hardened build flags
Newsgroups: gmane.comp.lang.perl.perl5.porters
Date: Tuesday 7th February 2012 20:48:12 UTC (over 4 years ago)
Hello,

As discussed in <http://bugs.debian.org/657853/> we are adding various
hardening build flags to the perl build in Debian, as part of a Debian
release goal[1].

The version currently in Debian experimental has the following additional
flags defined:

ccflags: add -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security

(note: -fstack-protector is added by perl's config already, but is also
in the standard set of flags defined by the Debian dpkg-buildflags
utility; -g -O2 is also not new, at least for the non-debugging build).

ldflags: -Wl,-z,relro

Notes on what the flags do are available at [2].

These flags will also be enabled on XS modules built on Debian once this
goes into unstable. I've just kicked off a test rebuild of all CPAN 
modules in Debian with the perl from experimental, to try and catch any
severe breakage introduced by this.

My question: does anyone know of any problems with using these flags with
perl?

Thanks,
Dominic.
 
[1] <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>
[2] <http://wiki.debian.org/Hardening>

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
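
Added example, not part of the original message or of perl's source: with `-Wformat -Wformat-security -Werror=format-security` from the ccflags above, C or XS code that passes a non-literal string as the format with no further arguments stops compiling. The sketch below shows the form that still builds next to the rejected one; `format_note`, `note_safe`, `note_rejected` and the `SHOW_REJECTED` guard are hypothetical names.

```c
/* Added example; format_note() stands in for any printf-style helper. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The format attribute makes gcc apply the -Wformat checks to callers of
 * this wrapper, the same way it does for printf() itself. */
__attribute__((format(printf, 3, 4)))
static int format_note(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);  /* bounded; NUL-terminated if outlen > 0 */
    va_end(ap);
    return n;  /* length the full text needs, as vsnprintf reports it */
}

/* Builds under -Werror=format-security: the format is a literal and the
 * caller-supplied text is only ever an argument. */
static int note_safe(char *out, size_t outlen, const char *user_text)
{
    return format_note(out, outlen, "%s", user_text);
}

#ifdef SHOW_REJECTED
/* Rejected with "format not a string literal and no format arguments":
 * here user_text itself would be parsed as the format string. */
static int note_rejected(char *out, size_t outlen, const char *user_text)
{
    return format_note(out, outlen, user_text);
}
#endif

int main(void)
{
    char buf[64];
    const char *user_text = "100%s done %n";  /* constructed sample input */

    note_safe(buf, sizeof buf, user_text);
    puts(buf);  /* conversion characters come out as plain text */
    return 0;
}
```

Compiling with `-DSHOW_REJECTED` together with the flags from the message reproduces the build error.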
 