OPNsense Forum

English Forums => Development and Code Review => Topic started by: lattera on August 17, 2016, 01:46:11 am

Title: CFT: Ports PIE, RELRO + BIND_NOW
Post by: lattera on August 17, 2016, 01:46:11 am

I've now finished porting over HardenedBSD's ports PIE with RELRO + BIND_NOW support. If you make your own builds of OPNsense and you're feeling adventurous, give the hardening/pie ports feature branch a try: https://github.com/opnsense/ports/tree/hardening/pie

HardenedBSD is currently running a package build for their 12-CURRENT/LibreSSL/amd64 repo. Once that is done, I will do an experimental run (aka, exp-run) to make sure there aren't dragons lurking in corners. If the exp-run finishes successfully, I plan to merge the feature branch into master.

Title: Re: CFT: Ports PIE, RELRO + BIND_NOW
Post by: lattera on August 23, 2016, 10:58:44 am

The exp-run has officially begun!