Gentoo Archives: gentoo-hardened

From: "Tóth Attila" <atoth@××××××××××.hu>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] gcc compiler flags - some room for more hardening?
Date: Wed, 17 Jan 2018 12:27:41
Message-Id: 1748046aa6e7602bafd0b50ab5067988.squirrel@atoth.sote.hu
1 I've just came accross a Fedora 28 memo about hardening their flags:
2 https://fedoraproject.org/wiki/Changes/HardeningFlags28
3 1. -fstack-clash-protection
4 2. -fcf-protection=full
5 3. -mcet
6 4. for C++: -D_GLIBCXX_ASSERTIONS
7
8 According to the builtin specs these are not in current use for
9 sys-devel/gcc-7.2.
10
11 It may worth to consider moving the same direction as Fedora. Wouldn't it
12 be a shame if a regular non-rolling distro would make use of harder flags
13 compared to Gentoo Hardened?
14
15 BR: Dw.
16 --
17 dr Tóth Attila, Radiológus, 06-20-825-8057
18 Attila Toth MD, Radiologist, +36-20-825-8057

Replies