Re: Enabling compiler warning flags

[Jeffrey Walton]

On Tue, Dec 18, 2012 at 1:44 AM, Mike Frysinger <address@hidden> wrote:
> On Tuesday 18 December 2012 01:10:14 Jeffrey Walton wrote:
>> If you are going to try the waters with warnings, you should also
>> consider the flags to integrate with platform security.
>>
>> Platform security integration includes fortified sources and stack
>> protectors. Here are the flags of interest:
>>   * -fstack-protector-all
>>   * -z,noexecstack
>>   * -z,noexecheap (or other measure, such as W^X)
>>   * -z,relro
>>   * -z,now
>>   * -fPIE and -pie for executables
>
> if you do choose to add these to your configure script, you should provide a
> flag to control the behavior (default enabling is OK).  some of these are not
> cheap, especially for some architectures.
Good point. A noexec stack or noexec heap can be costly if using PaX.

What abstractions does Autoconf have to identify platforms and
security measures so a maintainer can supply one configure that works
for all platforms and architectures? For example, noexec stacks should
be enabled by default on x86 and x64. To split hairs even further,
noexec stacks should be on by default for x86 and x64, while noexec
heaps should be in effect on Gentoo systems running on x86 and x64.

Leaving these security related decisions to developers has a history
of failures due to gaps in awareness and knowledge (confer: audit the
software at ftp.gnu.org). In this case, Autoconf can close the gap and
be part of the solution.

Jeff