@@ -208,6 +208,10 @@ build process, it is recommended to disable RTLD hardening in case of failure.
When using Poudriere, adding `hardening.harden_rtld=0` to the `JAIL_PARAMS`
configuration variable is sufficient.
Some applications, like LibreOffice, (ab)use `LD_LIBRARY_PATH`. Applications
needing to make use scrubbed environment variables require that the
`hardening.harden_rtld` sysctl node be set to `0`.
# Address Space Layout Randomization (ASLR)
ASLR randomizes the layout of the virtual address space of a process
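Review bot: in the added LibreOffice paragraph, "needing to make use scrubbed environment variables" is missing a word; it should read "needing to make use of scrubbed environment variables". The paragraph also tells the reader to set `hardening.harden_rtld` to `0` without stating the scope of that change. The Poudriere lines just above confine it to a jail through `JAIL_PARAMS`, and the new text should say whether the same per-jail approach is the recommended way to run such applications. Otherwise a reader will likely turn RTLD hardening off for the whole system to accommodate a single application.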
@@ -730,16 +734,14 @@ The HardenedBSD Ports and Packages offers a simple way to install applications.
The Ports Collection lives outside the context of the base OS.
We automatically sync every six hours with FreeBSD.
For 12-stable, 13-stable and 14-current there is only one git branch dedicated to ports, namely: "[hardenedbsd/main](https://git.hardenedbsd.org/hardenedbsd/ports/-/tree/hardenedbsd/main)"
For 13-stable and 14-current there is only one git branch dedicated to ports, namely: "[hardenedbsd/main](https://git.hardenedbsd.org/hardenedbsd/ports/-/tree/hardenedbsd/main)"
We don't support [FreeBSD's quarterly ports branches](https://wiki.freebsd.org/Ports/QuarterlyBranch) because we don't have a ports team specifically to track backporting security fixes for all the ports in the tree.
The package repos are built from the ports repo.
Ports are generally more up to date than packages due to the build time required to produce the packages.
You can follow the building of the packages from the following links:
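Review bot: the replacement line "For 13-stable and 14-current there is only one git branch dedicated to ports" still hard-codes the branch names, which is what forced this edit when 12-stable was dropped. Consider wording that does not enumerate them, for example "All supported branches share a single ports git branch", so the sentence does not go stale at the next branch change. The sentence also has no terminating period after the link. If the list of build links that follows "You can follow the building of the packages" still carries a 12-stable entry, it should be removed in the same change.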