Commit 32c162e8 authored by T(A)ILS developers

Design draft: hardened toolchain rephrasing.

parent f783c8dc
......@@ -345,18 +345,18 @@ software.
### 2.7.5 Hardened tool chain and compiling
**FIXME**: change the "compile all software" recommendation into
something like "carefully balance the added security provided by
compiling all software with hardening options vs. cost in developers
time, ease of maintenance and new contributors involvement".
As an addition to the security against exploitable vulnerabilities
provided by the kernel, compiling software with stack smashing
protection, address space layout randomization and similar compiler
security enhancements is recommended. Note that in some circumstances
compiler level stuff is necessary for utilizing the kernel security
features. Because of this it is recommended to compile essentially all
software from sources to take benefit from these security features.
features. Thus the implementation of this feature might depend on the
vendor distribution used to build the PELD upon. If it hasn't been
widely deployed at this level, their implementation might require a lot
of time for the PELD developers and impact its ease of maintenance,
which would make it harder for new contributors to involve in the
project. For this reasons, implementation of this feature should be
carefully balanced between its costs and the extra security it brings.
### 2.7.6 Cryptographic tools
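Review bot: The closing sentence of the new paragraph ("implementation of this feature should be carefully balanced between its costs and the extra security it brings") leaves section 2.7.5 without anything a reader can check a build against, now that the "compile essentially all software from sources" recommendation is dropped. Consider stating a minimum baseline, for example that the hardening already provided by the vendor distribution is kept enabled, and describing rebuilding from source as the optional part that is weighed against maintenance cost. The opening "Thus" also does not follow from the preceding sentence about compiler-level support being needed for the kernel security features; the dependency on the vendor distribution needs its own reason, such as whether that distribution already ships hardened builds. Wording in the same paragraph: "their implementation" should agree with "this feature" ("its implementation"), "to involve in the project" should read "to get involved in the project", and "For this reasons" should read "For these reasons".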
......