[Privoxy-devel] 0006-enable-lots-of-diagnostics
Fabian Keil
fk at fabiankeil.de
Thu Aug 17 09:00:58 CEST 2023
Lee <ler762 at protonmail.com> wrote on 2023-08-03 at 15:44:17:
> I would like feedback on what compiler options to use for hardening
> privoxy & what diagnostics should be enabled.
As far as I'm concerned you can enable whatever seems to
work on Windows and doesn't slow things down too much.
You can probably get inspiration from the Fedora and Debian folks
and I assume that the GnuPG people already thought about compiler
flags for Gpg4win as well.
Your patch seems to contain a lot of flag explanations.
Did you write them yourself or are they copied from another
source in which case there may be license issues. Maybe it
would be safer to shorten or remove the descriptions and let
readers who care look them up themselves in the compiler
documentation.
I think it's also worth mentioning that Privoxy security issues
usually aren't caught by "compiler flags" anyway so I personally
don't worry too much about them. For the FreeBSD/ElectroBSD port
I just use the defaults.
BTW, the "HardenedBSD" folks also seem to spend a lot of time on
"compiler flags" when the time (in my opinion) could be better
spend on code audits and code reviews to avoid security issues
like [0] and [1] etc.
Fabian
[0]: <https://www.fabiankeil.de/gehacktes/hardenedbsd/>
[1]: <https://github.com/HardenedBSD/hardenedBSD/commit/3e82f016d0d0b7b3498a729ee7fe43e0bc0ad51b>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-devel/attachments/20230817/e8d0e11c/attachment.bin>
More information about the Privoxy-devel
mailing list