From 3b2d2e223302906c91def3d00688fa124af07e38 Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 17 Jan 2023 05:01:05 +0000 Subject: [PATCH] Enable Firefox hardening flags since it is classified as an untrusted program which executes external, untrusted code. --- portage/env/firefox.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/portage/env/firefox.conf b/portage/env/firefox.conf index dc686b1..f8df5db 100644 --- a/portage/env/firefox.conf +++ b/portage/env/firefox.conf @@ -3,16 +3,16 @@ # Copyright 2022-2023 Inference # SPDX-License-Identifier: BSD-3-Clause-Clear -# Version: 3.0.1.4 +# Version: 4.0.0.5 # Flags ## Hardening flags -#C_SEC="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -fwrapv" -#LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro" +C_SEC="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -fwrapv" +LD_SEC="-Wl,-pie -Wl,-z,defs -Wl,-z,now -Wl,-z,relro" ## Compiler flags CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__" CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe" RUSTFLAGS="-C debuginfo=0 -C opt-level=2 -C target-cpu=znver3" ## Linker flags -LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind" +LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--strip-all"