- Additional hardening options
Re: Additional hardening options
toggle quoted messageShow quoted text
I guess you can submit a patch, and it can be taken for a spin on the autobuilder?
On Wednesday, 26 January 2022 14:39:39 NZDT Paul Eggleton wrote:
> Hi folks
> I've been looking into a couple of compiler flags for hardening that I think
> we might want to consider enabling by default in security-flags.inc:
> 1) -fstack-clash-protection
> This option was introduced to gcc 8.x and provides protection against the
> stack clash vulnerability:
> It has been enabled in some Linux distributions already (e.g. Ubuntu,
Another quirk of this - with dunfell, the buildepoxy SDK test fails on Ubuntu
18.04 with -fstack-clash-protection because the version of meson in dunfell
uses the same LDFLAGS value for both host and target, and host gcc doesn't
support that option. Not sure what to do other than just filtering out the
option from LDFLAGS in the test.
Join email@example.com to automatically receive all group messages.