[pkgsrc/trunk]: pkgsrc/mk/defaults mk: Bump default hardening options.

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2f560f5bce8d
branches:  trunk
changeset: 458955:2f560f5bce8d
user:      nia <nia%pkgsrc.org@localhost>
date:      Mon Sep 27 14:31:55 2021 +0000

description:
mk: Bump default hardening options.

diffstat:

 mk/defaults/mk.conf |  8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (36 lines):

diff -r 33f30421924a -r 2f560f5bce8d mk/defaults/mk.conf
--- a/mk/defaults/mk.conf       Mon Sep 27 14:30:47 2021 +0000
+++ b/mk/defaults/mk.conf       Mon Sep 27 14:31:55 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mk.conf,v 1.318 2021/05/30 23:41:05 khorben Exp $
+# $NetBSD: mk.conf,v 1.319 2021/09/27 14:31:55 nia Exp $
 #
 
 # This file provides default values for variables that may be overridden
@@ -234,7 +234,7 @@
 # Possible: yes, no
 # Default: no
 
-PKGSRC_MKPIE?= no
+PKGSRC_MKPIE?= yes
 # If no, create regular executables. Otherwise create PIE (Position Independent
 # Executables, on supported platforms). This option is necessary to fully
 # leverage ASLR as a mitigation for security vulnerabilities.
@@ -271,7 +271,7 @@
 #
 # Keywords: fortify FORTIFY_SOURCE
 
-PKGSRC_USE_RELRO?= no
+PKGSRC_USE_RELRO?= full
 # Link with RELRO by default (on supported platforms). This makes the
 # exploitation of some security vulnerabilities more difficult in some cases.
 # Possible values:
@@ -281,7 +281,7 @@
 #
 # Keywords: relro
 
-PKGSRC_USE_SSP?= yes
+PKGSRC_USE_SSP?= strong
 # Configure this to enable stack smashing protection (on supported platforms).
 # Possible values:
 #      no:     Do not pass any stack protection flags