enhance security using special compilation options

Description

gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
The (incomplete) list is

1 2 3 4 -pie -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -Wl,-z,relro,-z,now

Environment

None

Status

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Labels

None

External issue ID

None

External issue ID

None

Time tracking

8h

Fix versions

Priority

Major