| Summary: | app-text/ghostscript-gpl add more hardening flags | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
| Component: | Current packages | Assignee: | Printing Team <printing> |
| Status: | RESOLVED NEEDINFO | | |
| Severity: | enhancement | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-03-14 22:28:24 UTC
(In reply to Agostino Sarubbo from comment #0)
> I discovered that ghostscript-gpl has ~180 unresolved bugs derived from
> fuzzing. So it is really dangerous for the security side.
>
> I'd suggest to add some flags to make it hardened.
>
> What do you think?

That you should probably provide more information on what you precisely want.

I guess CFLAGS="-fPIE -fstack-protector-all -fstack-check=specific" and LDFLAGS="-pie" are enough. What I said are the default in openssh. You can check the flags with hardening-check tool (in portage) or checksec
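The kind of check that hardening-check and checksec perform can be sketched directly against the ELF headers. The following is an added example, not part of the bug report or of either tool: it reports whether a little-endian ELF64 binary was linked as PIE (`-fPIE`/`-pie`), whether it references `__stack_chk_fail` (a heuristic for `-fstack-protector*`), and, going beyond the flags named above, whether the stack is non-executable. `check_hardening` and `make_sample` are hypothetical names, and the sample images are constructed.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551
PF_X = 0x1

def check_hardening(elf: bytes) -> dict:
    """Report PIE, stack-protector and NX-stack status for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx_stack = False  # a missing PT_GNU_STACK header is treated as not hardened
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
    return {
        # ET_DYN is what -pie produces (shared libraries are ET_DYN as well)
        "pie": e_type == ET_DYN,
        # Heuristic: stack-protected code calls __stack_chk_fail, so the
        # symbol name appears in the string tables of the binary
        "stack_protector": b"__stack_chk_fail" in elf,
        "nx_stack": nx_stack,
    }

def make_sample(e_type: int, stack_flags: int, strtab: bytes = b"") -> bytes:
    """Constructed minimal image: ELF64 header plus one PT_GNU_STACK program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0)
    return ehdr + phdr + strtab

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real binary given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(check_hardening(fh.read()))
    else:  # fall back to the constructed samples
        print(check_hardening(make_sample(ET_DYN, 0x6, b"\0__stack_chk_fail\0")))
        print(check_hardening(make_sample(ET_EXEC, 0x7)))
```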