Wireshark-dev: Re: [Wireshark-dev] Wireshark and hardening flags
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 24 Sep 2015 09:51:04 -0400
On 09/24/2015 05:04 AM, Alexis La Goutte wrote:
Hi Balint

No a problem for me to add PIE on Wireshark
But no need to check if lib (Qt) use also PIE ?

We already do--at least with autofoo (cmake seems to pick up the PIE flags from Qt's config directly).

But I don't think there's a problem if we're compiled PIE and libraries we use aren't.

On Thu, Sep 24, 2015 at 10:49 AM, Bálint Réczey <balint@xxxxxxxxxxxxxxx
<mailto:balint@xxxxxxxxxxxxxxx>> wrote:

    Hi All,

    I have just created a review to add PIE when it is available to
    default flags:
    https://code.wireshark.org/review/#/c/10635

    I think this matter is worth discussion here, too.
    Should we enable more compiler flags which make Wireshark more secure
    by default?

    I Debian I will enable all hardening flags thus Debian users will be
    protected, but I wonder if we want to enable some of them in vanilla
    Wireshark as well.

I don't have much of an opinion either way but Fedora also compiles Wireshark with PIE:

http://pkgs.fedoraproject.org/cgit/wireshark.git/tree/wireshark.spec?id=76137e2b71a42cf2a54565ffdfc3b0dbee551ba6#n176