Re: Additional hardening options
Bernhard Rosenkränzer <bero@...>
On Wed, Jan 26, 2022 at 02:39 AM, Paul Eggleton wrote:
I've been looking into a couple of compiler flags for hardening that I think weI've been looking into those flags (and a few more) a while back when picking compiler flags to use for Oniro.
-Wl,-z,-noexecstack is unproblematic, -fstack-clash-protection adds a bit of overhead, but it isn't all that bad (typically in the 2% range).
I've been able to build working systems with both flags enabled.
My full report is at