To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos.service
- Committer: Teddy Hogeborn
- Date: 2019-07-14 22:39:15 UTC
- Revision ID: teddy@recompile.se-20190714223915-aqjkms3t3taa6tye
Only use sanitizing options when debugging
The C compiler's sanitizing options introduce code in the output
binary which is fragile and not very security conscious. It has
become clear that sanitizing is only really meant for use while
debugging.
As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.
* Makefile (DEBUG): Add "$(SANITIZE)".
(SANITIZE): Comment out.
(CFLAGS): Remove "$(SANITIZE)".
(plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
we no longer need to remove the leak
sanitizer by overriding CFLAGS.
The C compiler's sanitizing options introduce code in the output
binary which is fragile and not very security conscious. It has
become clear that sanitizing is only really meant for use while
debugging.
As a side effect, this makes compilation faster, as the Makefile, for
production builds, no longer runs the compiler repeatedly to find all
its currently supported sanitizing options.
* Makefile (DEBUG): Add "$(SANITIZE)".
(SANITIZE): Comment out.
(CFLAGS): Remove "$(SANITIZE)".
(plugins.d/mandos-client): Revert back to use plain $(LINK.c), since
we no longer need to remove the leak
sanitizer by overriding CFLAGS.
- files added:
- debian/mandos-client.templates
- files removed:
- initramfs-tools-hook-conf
- files modified:
- .bzrignore
added
removed
mandos.service
