Re: Additional hardening options

Alexander Kanavin

I guess you can submit a patch, and it can be taken for a spin on the autobuilder?


On Wed, 26 Jan 2022 at 22:17, Paul Eggleton <bluelightning@...> wrote:
On Wednesday, 26 January 2022 14:39:39 NZDT Paul Eggleton wrote:
> Hi folks
> I've been looking into a couple of compiler flags for hardening that I think
> we might want to consider enabling by default in
> 1) -fstack-clash-protection
> This option was introduced to gcc 8.x and provides protection against the
> stack clash vulnerability:
> It has been enabled in some Linux distributions already (e.g. Ubuntu,
> Fedora).

Another quirk of this - with dunfell, the buildepoxy SDK test fails on Ubuntu
18.04 with -fstack-clash-protection because the version of meson in dunfell
uses the same LDFLAGS value for both host and target, and host gcc doesn't
support that option. Not sure what to do other than just filtering out the
option from LDFLAGS in the test.


Join to automatically receive all group messages.