We're updating the issue view to help you get more done.Learn more

enhance security using special compilation options

gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
The (incomplete) list is

-pie
-Wp,-D_FORTIFY_SOURCE=2
-fstack-protector --param=ssp-buffer-size=4
-Wl,-z,relro,-z,now

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik