hardened-ld - linker wrapper to enforce hardening toolchain

NAME

       hardened-ld   -   linker   wrapper   to   enforce  hardening  toolchain
       improvements

SYNOPSIS

       export DEB_BUILD_HARDENING=1

       ld ...

DESCRIPTION

       The hardened-ld wrapper is normally used by calling ld  as  usual  with
       DEB_BUILD_HARDENING set to 1. It will configure the necessary toolchain
       hardening features. By default, all features are enabled.  If  a  given
       feature  does  not  work  correctly  and  needs  to  be  disabled,  the
       corresponding environment variables mentioned below can be set to 0.

ENVIRONMENT

       DEB_BUILD_HARDENING=1
              Enable hardening features.

       DEB_BUILD_HARDENING_DEBUG=1
              Print the full resulting  gcc  command  line  to  STDERR  before
              calling gcc.

       DEB_BUILD_HARDENING_RELRO=0
              Don’t mark ELF sections read-only after start. See README.Debian
              for details.

       DEB_BUILD_HARDENING_BINDNOW=0
              Don’t mark ELF  loader  for  start-up  dynamic  resolution.  See
              README.Debian for details.

NOTES

       System-wide  settings  can be added to /etc/hardening-wrapper.conf, one
       per line.

       The real ld is renamed ld.real, and  a  diversion  is  registered  with
       dpkg-divert(1).   Thus hardened-ld’s idea of the default ld is dictated
       by whatever package installed /usr/bin/ld.

NAME

SYNOPSIS

DESCRIPTION

ENVIRONMENT

NOTES

SEE ALSO