[GRASS-dev] Compilation: hardening

Vaclav Petras wenzeslaus at gmail.com
Thu Mar 27 16:22:09 PDT 2014


> Comment(by hamish):
>  a guess- recent versions of Debian (and thus Ubuntu) packaging rules add
>  hardening flags to the compiler CFLAGS. I believe one of the results of
>  this is that it forces programs to crash instead of continuing on in a
>  memory-corrupted state. It also adds a number of warnings to the compile
>  log when it suspects something bad could happen.
>
>  see https://wiki.debian.org/Hardening
>
> This might be very useful. Do you have some exact suggestion what flags to use?

On Ubuntu 12.04 I get:

$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro

So, I will put this into my configure script wrapper.

Vaclav


>  You only get those flags for a self-compile if you add them manually or if
>  you use the package build scripts.
>
>
>  regards,
>  Hamish
>
> --
> Ticket URL: <https://trac.osgeo.org/grass/ticket/2235#comment:5>
> GRASS GIS <http://grass.osgeo.org>
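
Added example, not part of the original message or of the GRASS build system: a configure wrapper of the kind mentioned above, which takes the flags from dpkg-buildflags when it is installed and otherwise falls back to the Ubuntu 12.04 values quoted in the message. The function names and the DPKG_BUILDFLAGS override variable are assumptions; the optimization-level check goes beyond the message and is there because glibc's _FORTIFY_SOURCE checks only take effect when the compiler is optimizing.

```sh
#!/bin/sh
# Added example. DPKG_BUILDFLAGS and all function names are hypothetical.
DPKG_BUILDFLAGS=${DPKG_BUILDFLAGS:-dpkg-buildflags}

# Fallback: the Ubuntu 12.04 dpkg-buildflags output quoted in the message.
fallback_flags() {
    case "$1" in
        CFLAGS|CXXFLAGS) echo "-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security" ;;
        CPPFLAGS) echo "-D_FORTIFY_SOURCE=2" ;;
        FFLAGS)   echo "-g -O2" ;;
        LDFLAGS)  echo "-Wl,-Bsymbolic-functions -Wl,-z,relro" ;;
        *) return 1 ;;
    esac
}

# Distro flags for variable $1, from dpkg-buildflags when it is installed.
hardening_flags() {
    if command -v "$DPKG_BUILDFLAGS" >/dev/null 2>&1; then
        "$DPKG_BUILDFLAGS" --get "$1"
    else
        fallback_flags "$1"
    fi
}

# Hardening flags first, caller's own flags ($2) appended so they still apply.
merged_flags() {
    printf '%s\n' "$(hardening_flags "$1")${2:+ $2}"
}

# _FORTIFY_SOURCE is inert without optimization; the last -O option wins.
fortify_effective() {
    level=""
    for f in $1; do
        case "$f" in -O) level=1 ;; -O*) level=${f#-O} ;; esac
    done
    case "$level" in ""|0) return 1 ;; *) return 0 ;; esac
}

# Run ./configure in the current directory with the merged environment.
configure_hardened() {
    cflags=$(merged_flags CFLAGS "${CFLAGS:-}")
    fortify_effective "$cflags" ||
        echo "warning: no optimization in CFLAGS, _FORTIFY_SOURCE has no effect" >&2
    CFLAGS=$cflags \
    CXXFLAGS=$(merged_flags CXXFLAGS "${CXXFLAGS:-}") \
    CPPFLAGS=$(merged_flags CPPFLAGS "${CPPFLAGS:-}") \
    FFLAGS=$(merged_flags FFLAGS "${FFLAGS:-}") \
    LDFLAGS=$(merged_flags LDFLAGS "${LDFLAGS:-}") \
        ./configure "$@"
}
```

Source the file and call configure_hardened with the usual configure arguments from the top of the source tree.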