Re: Enabling compiler warning flags

From: Mike Frysinger
Subject: Re: Enabling compiler warning flags
Date: Tue, 18 Dec 2012 13:44:01 -0500
User-agent: KMail/1.13.7 (Linux/3.7.1; KDE/4.6.5; x86_64; ; )

On Tuesday 18 December 2012 02:55:23 Jeffrey Walton wrote:
> On Tue, Dec 18, 2012 at 1:44 AM, Mike Frysinger wrote:
> > On Tuesday 18 December 2012 01:10:14 Jeffrey Walton wrote:
> >> If you are going to try the waters with warnings, you should also
> >> consider the flags to integrate with platform security.
> >> 
> >> Platform security integration includes fortified sources and stack
> >> protectors. Here are the flags of interest:
> >>   * -fstack-protector-all
> >>   * -z,noexecstack
> >>   * -z,noexecheap (or other measure, such as W^X)
> >>   * -z,relro
> >>   * -z,now
> >>   * -fPIE and -pie for executables
> > 
> > if you do choose to add these to your configure script, you should
> > provide a flag to control the behavior (default enabling is OK).  some
> > of these are not cheap, especially for some architectures.
> Good point. A noexec stack or noexec heap can be costly if using PaX.

those weren't the ones i was thinking of actually :).  the mainline kernel 
itself handles the GNU_STACK segment, although it relies on hardware support 
for it.  if the hardware doesn't support it, then that's where PaX's software 
implementation might come into play.

> What abstractions does Autoconf have to identify platforms and
> security measures so a maintainer can supply one configure that works
> for all platforms and architectures?

if you use AC_CANONICAL_HOST, you get access to $host_os (e.g. "linux") and 
$host_cpu (e.g. "x86_64").  but that's about it.

> For example, noexec stacks should
> be enabled by default on x86 and x64. To split hairs even further,
> noexec stacks should be on by default for x86 and x64, while noexec
> heaps should be in effect on Gentoo systems running on x86 and x64.

noexec is already enabled by default for all Linux/gcc/glibc targets.  there 
should be no need for people to specify it themselves.  the only time it 
really comes up anymore is if someone is writing pure assembly and didn't put 
the prerequisite section in there.

Attachment: signature.asc
Description: This is a digitally signed message part.
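
The advice in this message (a configure switch for the hardening flags, enabled by default, with `AC_CANONICAL_HOST` used to vary a default per CPU) written out as a configure.ac fragment. It is an added example, not code from the thread or from Autoconf itself; the option names `--enable-hardening` and `--enable-pie`, the `HARDEN_TRY` macro, the `HARDENING_*` variables and the choice to default PIE off on 32-bit x86 are assumptions.

```m4
# Added example. Place after AC_PROG_CC. All option, macro and variable
# names introduced here are hypothetical.
AC_CANONICAL_HOST   # provides $host_os and $host_cpu

AC_ARG_ENABLE([hardening],
  [AS_HELP_STRING([--disable-hardening],
    [do not add stack protector, RELRO and PIE flags])],
  [], [enable_hardening=yes])

# Per-CPU default for PIE: assumed off on 32-bit x86, where
# position-independent code is comparatively expensive, on elsewhere.
AS_CASE([$host_cpu],
  [i?86], [pie_default=no],
  [pie_default=yes])
AC_ARG_ENABLE([pie],
  [AS_HELP_STRING([--enable-pie], [build position-independent executables])],
  [], [enable_pie=$pie_default])

# HARDEN_TRY(CFLAGS, LDFLAGS): keep the flags only if a trivial program
# still compiles and links with them on this toolchain.
AC_DEFUN([HARDEN_TRY], [
  AC_MSG_CHECKING([whether the toolchain accepts $1 $2])
  harden_save_CFLAGS=$CFLAGS
  harden_save_LDFLAGS=$LDFLAGS
  CFLAGS="$CFLAGS $1"
  LDFLAGS="$LDFLAGS $2"
  AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[return 0;]])],
    [AC_MSG_RESULT([yes])
     HARDENING_CFLAGS="$HARDENING_CFLAGS $1"
     HARDENING_LDFLAGS="$HARDENING_LDFLAGS $2"],
    [AC_MSG_RESULT([no])])
  CFLAGS=$harden_save_CFLAGS
  LDFLAGS=$harden_save_LDFLAGS
])

AS_IF([test "x$enable_hardening" = xyes], [
  HARDEN_TRY([-fstack-protector-all], [])
  HARDEN_TRY([], [-Wl,-z,relro])
  HARDEN_TRY([], [-Wl,-z,now])
  AS_IF([test "x$enable_pie" = xyes], [HARDEN_TRY([-fPIE], [-pie])])
  # No noexecstack flag here: per the message above it is already the
  # default for Linux/gcc/glibc targets.
])
AC_SUBST([HARDENING_CFLAGS])
AC_SUBST([HARDENING_LDFLAGS])
```

The substituted `HARDENING_CFLAGS` and `HARDENING_LDFLAGS` still have to be referenced from the Makefile templates; the fragment only decides which flags survive on the build host.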
