Re: Additional hardening options


Robert Berger
 

Hi,

This[1] is what I usually add as well to the security flags.

With respect to the "default" flags I had some fun with the SDK and -D_FORTIFY_SOURCE=2 and -fstack-protector-strong.

I guess they do have some performance impact as well, but I did not do very thorough research.

Also, I did not confirm it yet but suspect that some of those flags might be the reason for "debuginfod gdb: *** stack smashing detected ***: terminated".[2]

[1] https://gitlab.com/meta-layers/meta-resy/-/blob/master/conf/distro/include/more_security_flags.inc

[2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14570

Regards,

Robert
