Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 May 2012 05:33:14 +0400
From: Solar Designer <>
Cc: Keegan McAllister <>
Subject: Automatic binary hardening with Autoconf


I'd like this sort of topics to be brought up in here, so I'll start by
referring to some blog posts.

Here's an interesting one by Keegan McAllister:

This suggests (and shows how) individual programs that use autoconf may
automatically enable the usual set of compile-time hardening settings
that are otherwise normally provided by builds for/by/on hardened
distros only.  This is not rocket science, yet the provided examples may
be reused and it may become a trend.

Also interesting are the performance impact numbers (up to 30%), which
are far worse than those I've seen posted before (up to 5.8%):

Perhaps this has to do with the specific code being protected and
benchmarked (some crypto code in Mosh?)

An edit to this comment:

says that the impact is less with Ubuntu 12.04's GCC 4.6.3 - but I think
this may be because Ubuntu's GCC has some of the hardening enabled by
default (so its baseline performance is worse, not the impact is less).


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.