Bugzilla – Bug 699
[patch] add a configure option to build as a PIE binary
Last modified: 2018-09-04 17:52:09 CEST
Created attachment 294 [details] Patch to add a --enable-pie option to unbound's configure In order to fully benefit from ASLR, unbound would need to be compiled as a Position-Independent Executable. While building as PIE may not be desirable by default for performance reason, would you be willing to add a configure option to do so? It would make it easier to build as PIE without the need to set custom CFLAGS/LDFLAGS, like Hardened Gentoo or Debian's hardening-wrapper are doing. Attached is a proposal to add such an option. Due to my lack of experience with autotools, I am not sure it is the best way to add such an option though.
Hi Remi, Thank you for your patch. It is well written, and I have integrated it. (also in NSD!). I hope this can increase the security of the server. Best regards, Wouter
http://www.securitas-epay.info/ securitas epay securitas epay login securitas epay register