Summary

This spec defines a hardened toolchain aspect of the Ubuntu Hardened Team specified in HardenedUbuntu: The Ubuntu Hardened Toolchain Team.

Rationale

In the course of building an Ubuntu Linux package, numerous security enhancements can be applied such as GccSsp or PositionIndependentExecutables. The toolchain should enable these by default and they should be disabled in specific packages.

Use cases

Scope

The scope of the hardened toolchain includes any enhancements made to the toolchain that can do any of the following without harming run-time performance unreasonably:

Design

Implementation

Currently GccSsp is implemented. In the future Ubuntu should consider using PositionIndependentExecutables and also should take advantage of using FORTIFY_SOURCE strictly for compile-time checks.

Code

Typically this involves specs file hacking.

Data preservation and migration

Unresolved issues

BoF agenda and discussion


CategorySpec

HardenedUbuntu/Toolchain (last edited 2008-08-06 16:37:20 by localhost)