Bug#657853: Building perl with hardened build flags
Dominic Hargreaves
dom at earth.li
Tue Feb 7 20:48:12 UTC 2012
Hello,
As discussed in <http://bugs.debian.org/657853/> we are adding various
hardening build flags to the perl build in Debian, as part of a Debian
release goal[1].
The version currently in Debian experimental has the following additional
flags defined:
ccflags: add -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
(note: -fstack-protector is added by perl's config already, but is also
in the standard set of flags defined by the Debian dpkg-buildflags
utility; -g -O2 is also not new, at least for the non-debugging build).
ldflags: -Wl,-z,relro
Notes on what the flags do are available at [2].
These flags will also be enabled on XS modules built on Debian once this
goes into unstable. I've just kicked off a test rebuild of all CPAN
modules in Debian with the perl from experimental, to try and catch any
severe breakage introduced by this.
My question: does anyone know of any problems with using these flags with
perl?
Thanks,
Dominic.
[1] <http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags>
[2] <http://wiki.debian.org/Hardening>
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
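
The flag set listed in the message can be checked against the flags a perl build records and hands on to XS modules. The script below is an added example, not part of the original message and not Debian's or perl's own tooling. The function name `audit_hardening` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Debian's or perl's own tooling): audit ccflags/ldflags
# strings against the hardening set in the message. Later flags override
# earlier ones, as on a gcc command line. audit_hardening is a made-up name.
audit_hardening() {
    fortify=no opt=no ssp=no fmt=no fmtsec=no fmterr=no relro=no
    set -f    # word-split the flag strings without globbing
    for w in $1; do
        case $w in
            -D_FORTIFY_SOURCE=2) fortify=yes ;;
            -U_FORTIFY_SOURCE|-D_FORTIFY_SOURCE=[01]) fortify=no ;;
            -O0) opt=no ;;
            -O*) opt=yes ;;
            -fstack-protector*) ssp=yes ;;
            -fno-stack-protector) ssp=no ;;
            -Wformat|-Wformat=[12]|-Wall) fmt=yes ;;
            -Wno-format|-Wformat=0) fmt=no ;;
            -Wformat-security) fmtsec=yes ;;
            -Werror=format-security) fmtsec=yes fmterr=yes ;;
        esac
    done
    for w in $2; do
        case $w in
            -Wl,-z,relro) relro=yes ;;    # only the spelling used in the message
            -Wl,-z,norelro) relro=no ;;
        esac
    done
    set +f
    rc=0
    [ $fortify = yes ] || { echo "ccflags: -D_FORTIFY_SOURCE=2 not in effect"; rc=1; }
    # glibc's fortified wrappers are only compiled in when optimising
    [ $fortify = no ] || [ $opt = yes ] ||
        { echo "ccflags: _FORTIFY_SOURCE set but optimisation is off"; rc=1; }
    [ $ssp = yes ] || { echo "ccflags: stack protector not in effect"; rc=1; }
    # gcc ignores -Wformat-security unless -Wformat is also enabled
    [ $fmt = yes ] && [ $fmtsec = yes ] ||
        { echo "ccflags: format-security warnings not in effect"; rc=1; }
    [ $fmterr = yes ] || { echo "ccflags: -Werror=format-security missing"; rc=1; }
    [ $relro = yes ] || { echo "ldflags: -Wl,-z,relro not in effect"; rc=1; }
    return $rc
}

# Constructed sample: the message's flag set, but with -O0 as a debugging
# build might use. Real values: perl -MConfig -e 'print $Config{ccflags}'
audit_hardening "-D_FORTIFY_SOURCE=2 -g -O0 -fstack-protector \
--param=ssp-buffer-size=4 -Wformat -Wformat-security \
-Werror=format-security" "-Wl,-z,relro" || true
```

The function prints one finding per line and returns non-zero when any listed protection is absent or overridden by a later flag.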