PIE/PIC support on base
David Carlier
david.carlier at hardenedbsd.org
Mon Oct 13 22:02:35 UTC 2014
Hi all,
HardenedBSD plans to add PIE support on base in various place.
These are B. Drewery suggestions :
The _pic ones are not needed. The main lib file just needs
INSTALL_PIC_ARCHIVE=yes.
Modifying CFLAGS in every Makefile is not right, just add a USE_PIE or
something to pull in common logic from share/mk.
Also I know that, at least for a start, it wished to be applied in some few
places, like tcpdump/traceroute, sendmail ... shells ... I thought about
also casper/capsicum ... ntp ... jail
Kind regards.
More information about the freebsd-arch
mailing list