Hi, This may be a silly / obvious question to ask, but: do any of the proposed hardening options _really_ change the ABI?
I think LLVM/Clang's ASan implementation does (for Feature: "symbol size changing for global variables" on https://github.com/google/sanitizers/wiki/AddressSanitizerClangVsGCC) but couldn't confirm if that is the case with GCC (which seems to not implement that particular feature, at least). If there's no ABI change, creation of a new arch and gnuhardened*-*-* triplet wouldn't be needed; hardened packages would be co-installable with official ones without using multi-arch; and perhaps all that is needed is a separate archive suite, to achieve what was suggested on http://balintreczey.hu/blog/proposing-amd64-hardened-architecture-for-debian/ (Or, packages in the main archive could enable those hardening options?). Thanks, Regards, -- Steven Chamberlain [email protected]
signature.asc
Description: Digital signature
