[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Enabling compiler warning flags
From: |
Mike Frysinger |
Subject: |
Re: Enabling compiler warning flags |
Date: |
Tue, 18 Dec 2012 01:44:48 -0500 |
User-agent: |
KMail/1.13.7 (Linux/3.7.1; KDE/4.6.5; x86_64; ; ) |
On Tuesday 18 December 2012 01:10:14 Jeffrey Walton wrote:
> If you are going to try the waters with warnings, you should also
> consider the flags to integrate with platform security.
>
> Platform security integration includes fortified sources and stack
> protectors. Here are the flags of interest:
> * -fstack-protector-all
> * -z,noexecstack
> * -z,noexecheap (or other measure, such as W^X)
> * -z,relro
> * -z,now
> * -fPIE and -pie for executables
if you do choose to add these to your configure script, you should provide a
flag to control the behavior (default enabling is OK). some of these are not
cheap, especially for some architectures.
-mike
signature.asc
Description: This is a digitally signed message part.
Re: Enabling compiler warning flags, Mike Frysinger, 2012/12/18