xenial (1) hardened-ld.1.gz

Provided by: hardening-wrapper_2.7ubuntu2_amd64 bug

NAME
       hardened-ld - linker wrapper to enforce hardening toolchain improvements


SYNOPSIS
       export DEB_BUILD_HARDENING=1

       ld ...


DESCRIPTION
       The  hardened-ld  wrapper  is  normally used by calling ld as usual with DEB_BUILD_HARDENING set to 1. It
       will configure the necessary toolchain hardening features. By default, all features  are  enabled.  If  a
       given  feature  does not work correctly and needs to be disabled, the corresponding environment variables
       mentioned below can be set to 0.


ENVIRONMENT
       DEB_BUILD_HARDENING=1
              Enable hardening features.

       DEB_BUILD_HARDENING_DEBUG=1
              Print the full resulting gcc command line to STDERR before calling gcc.

       DEB_BUILD_HARDENING_RELRO=0
              Don't mark ELF sections read-only after start. See README.Debian for details.

       DEB_BUILD_HARDENING_BINDNOW=0
              Don't mark ELF loader for start-up dynamic resolution. See README.Debian for details.


NOTES
       System-wide settings can be added to /etc/hardening-wrapper.conf, one per line.

       The real ld is renamed ld.real, and a diversion is registered with  dpkg-divert(1).   Thus  hardened-ld's
       idea of the default ld is dictated by whatever package installed /usr/bin/ld.


SEE ALSO
       hardened-cc(1) ld(1)