Wireshark mailing list archives
Re: Wireshark and hardening flags
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Thu, 24 Sep 2015 09:51:04 -0400
On 09/24/2015 05:04 AM, Alexis La Goutte wrote:
Hi Balint No a problem for me to add PIE on Wireshark But no need to check if lib (Qt) use also PIE ?
We already do--at least with autofoo (cmake seems to pick up the PIE flags from Qt's config directly).
But I don't think there's a problem if we're compiled PIE and libraries we use aren't.
On Thu, Sep 24, 2015 at 10:49 AM, Bálint Réczey <balint () balintreczey hu <mailto:balint () balintreczey hu>> wrote: Hi All, I have just created a review to add PIE when it is available to default flags: https://code.wireshark.org/review/#/c/10635 I think this matter is worth discussion here, too. Should we enable more compiler flags which make Wireshark more secure by default? I Debian I will enable all hardening flags thus Debian users will be protected, but I wonder if we want to enable some of them in vanilla Wireshark as well.
I don't have much of an opinion either way but Fedora also compiles Wireshark with PIE:
http://pkgs.fedoraproject.org/cgit/wireshark.git/tree/wireshark.spec?id=76137e2b71a42cf2a54565ffdfc3b0dbee551ba6#n176 ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark and hardening flags Bálint Réczey (Sep 24)
- Re: Wireshark and hardening flags Alexis La Goutte (Sep 24)
- Re: Wireshark and hardening flags Jeff Morriss (Sep 24)
- Re: Wireshark and hardening flags Gerald Combs (Sep 24)
- Re: Wireshark and hardening flags Jeff Morriss (Sep 24)
- Re: Wireshark and hardening flags Alexis La Goutte (Sep 24)