INSTALL.md: Don't try to enumerate all the hardening options

millert · millert · commit 95973ef72b76 · 2025-09-04T08:36:01.000-06:00
Just point people to https://best.openssf.org/Compiler-Hardening-Guides/ which is what sudo uses as a guide.
diff --git a/INSTALL.md b/INSTALL.md
@@ -222,10 +222,11 @@ Defaults are listed in brackets after the description.
 
     --disable-hardening
         Disable the use of compiler/linker exploit mitigation options
-        which are enabled by default.  This includes compiling with
-        _FORTIFY_SOURCE defined to 2, building with -fstack-protector,
-        -fstack-clash-protection, -fcf-protection and linking with
-        -zrelro, -znow, and -znoexecstack where supported.
+        which are enabled by default.  Sudo uses hardening options
+        from https://best.openssf.org/Compiler-Hardening-Guides
+        where supported.  When building a sudo package on a system
+        with its own hardening defaults, you may wish to disable
+        sudo's options in favor of the native ones.
 
     --disable-largefile
         Disable support for large (64-bit) files on 32-bit systems
