On Fri, Sep 16, 2011 at 9:58 AM, Jeffrey Walton <noloa...@gmail.com> wrote:
> Probably off topic: I did not see Crypto++ in packages
> (http://mirror.ece.vt.edu/pub/OpenBSD/4.9/packages/i386/). When does a
> program or library move from ports and packages
> (http://www.openbsd.org/faq/faq15.html#PkgVsPorts)?

That's because there are no packages available as of now...

> If interested, attached is a patch I use to add linker hardening. I
> apply it against Crypto++'s source tree (which should not be too
> different from OpenBSD's copy). -z relro and -z,now mitigate GOT and
> PLT attacks, while PIE adds ASLR (I'm not clear if it's a stock setting
> for OpenBSD).

Thanks Jeff, I will have a look at it.

> The patch also adds the shared object and the archive as a target of
> 'make all', handles a missing archive gracefully on 'make install',
> adds a 'make remove', and adds the shared object to 'make clean'.

The former is already handled by the port.

> I believe the linker switches are consistent with the Security
> Recommendations outlined at http://www.openbsd.org/porting.html. If
> the project is interested, it's a public domain patch.
>
> Jeff
>

cheers,
David