Wireshark mailing list archives

Re: Wireshark and hardening flags

From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 24 Sep 2015 09:51:04 -0400

On 09/24/2015 05:04 AM, Alexis La Goutte wrote:

Hi Balint

No a problem for me to add PIE on Wireshark
But no need to check if lib (Qt) use also PIE ?

We already do--at least with autofoo (cmake seems to pick up the PIEflags from Qt's config directly).

But I don't think there's a problem if we're compiled PIE and librarieswe use aren't.

On Thu, Sep 24, 2015 at 10:49 AM, Bálint Réczey <balint () balintreczey hu
<mailto:balint () balintreczey hu>> wrote:

    Hi All,

    I have just created a review to add PIE when it is available to
    default flags:
    https://code.wireshark.org/review/#/c/10635

    I think this matter is worth discussion here, too.
    Should we enable more compiler flags which make Wireshark more secure
    by default?

    I Debian I will enable all hardening flags thus Debian users will be
    protected, but I wonder if we want to enable some of them in vanilla
    Wireshark as well.

I don't have much of an opinion either way but Fedora also compilesWireshark with PIE:


http://pkgs.fedoraproject.org/cgit/wireshark.git/tree/wireshark.spec?id=76137e2b71a42cf2a54565ffdfc3b0dbee551ba6#n176

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Wireshark and hardening flags Bálint Réczey (Sep 24)
- Re: Wireshark and hardening flags Alexis La Goutte (Sep 24)
  - Re: Wireshark and hardening flags Jeff Morriss (Sep 24)
    - Re: Wireshark and hardening flags Gerald Combs (Sep 24)