Fijxu/nginx-ktls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

added exploit mitigations (full RELRO, full SSP)

Browse source
This commit is contained in:
Ricard Bejarano 2019-03-20 07:06:19 +01:00
parent f821e0a5dd
commit e90cc3bac9
No known key found for this signature in database
GPG key ID: 5A5105DD6B91CA19
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -14,7 +14,7 @@ Available at [`ricardbejarano/nginx`](https://hub.docker.com/r/ricardbejarano/ng
## Features ## Features
* Super tiny (`glibc`-based is `~13MB` and `musl`-based is `~12.5MB`) * Super tiny (`glibc`-based is `~13.2MB` and `musl`-based is `~12.5MB`)
* Built from source, including libraries * Built from source, including libraries
* Built from `scratch`, see the [Filesystem](#Filesystem) section below for an exhaustive list of the image's contents * Built from `scratch`, see the [Filesystem](#Filesystem) section below for an exhaustive list of the image's contents
* Included [TLS1.3](https://tools.ietf.org/html/rfc8446) protocol support (with [OpenSSL](https://www.openssl.org/)) * Included [TLS1.3](https://tools.ietf.org/html/rfc8446) protocol support (with [OpenSSL](https://www.openssl.org/))

2
glibc/Dockerfile
View file

@ -12,6 +12,8 @@ ARG OPENSSL_CHECKSUM="5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b
ARG NGINX_VERSION="1.15.9" ARG NGINX_VERSION="1.15.9"
ARG NGINX_CHECKSUM="e4cfba989bba614cd53f3f406ac6da9f05977d6b1296e5d20a299f10c2d7ae43" ARG NGINX_CHECKSUM="e4cfba989bba614cd53f3f406ac6da9f05977d6b1296e5d20a299f10c2d7ae43"
ARG NGINX_CONFIG="\ ARG NGINX_CONFIG="\
--with-cc-opt='-fstack-protector-all' \
--with-ld-opt='-Wl,-z,relro,-z,now' \
--sbin-path=/nginx \ --sbin-path=/nginx \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
--pid-path=/tmp/nginx.pid \ --pid-path=/tmp/nginx.pid \