We're updating the issue view to help you get more done. 

enhance security using special compilation options

Description

gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
The (incomplete) list is

1 2 3 4 -pie -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wl,-z,relro,-z,now

Environment

None

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Time estimate

8h

Fix versions

Priority

Major