Launchpad entry: none yet
Created: 2006-08-02 by JohnMoser
This spec defines a hardened toolchain aspect of the Ubuntu Hardened Team specified in HardenedUbuntu: The Ubuntu Hardened Toolchain Team.
In the course of building an Ubuntu Linux package, numerous security enhancements can be applied such as GccSsp or PositionIndependentExecutables. The toolchain should enable these by default and they should be disabled in specific packages.
GccSsp defines a strategy for building all of Ubuntu with stack smash protection, using a modified compiler specs file.
PositionIndependentExecutables can be implemented with a modified compiler specs file.
The scope of the hardened toolchain includes any enhancements made to the toolchain that can do any of the following without harming run-time performance unreasonably:
- Trap exploitable bugs at run-time and prevent the program from being compromised during an attack.
- Detect exploitable bugs during compilation and warn or error so that they can be fixed.
Typically this involves specs file hacking.
Data preservation and migration