[GRASS-dev] Compilation: hardening
Vaclav Petras
wenzeslaus at gmail.com
Thu Mar 27 16:22:09 PDT 2014
>
>
>
> Comment(by hamish):
> a guess- recent versions of Debian (and thus Ubuntu) packaging rules add
> hardening flags to the compiler CFLAGS. I believe one of the results of
> this is that it forces programs to crash instead of continuing on in a
> memory-corrupted state. It also adds a number of warnings to the compile
> log when it suspects something bad could happen.
>
> see https://wiki.debian.org/Hardening
>
> This might be very useful. Do you have some exact suggestion what flags to
use?
On Ubuntu 12.04 I get:
$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro
So, I will put this into my configure script wrapper.
Vaclav
> You only get those flags for a self-compile if you add them manually or if
> you use the package build scripts.
>
>
> regards,
> Hamish
>
> --
> Ticket URL: <https://trac.osgeo.org/grass/ticket/2235#comment:5>
> GRASS GIS <http://grass.osgeo.org>
>
> _______________________________________________
> grass-dev mailing list
> grass-dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/grass-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/grass-dev/attachments/20140327/36fd66af/attachment.html>
More information about the grass-dev
mailing list