Re: F31 System-Wide Change proposal: Enable Compiler Security hardening flags by default in G


 



Will it help to mitigate issues such as:

https://bugzilla.redhat.com/show_bug.cgi?id=1284684

and mitigate workarounds such as:

https://bugzilla.redhat.com/show_bug.cgi?id=1543394

That would be wonderful.


Also, while OT to this specific change, I would love to have the ability to
have some compiler flags tailored to my environment, e.g. enabled
optimizations specific to my CPU. That could enable the potential of JIT
compilation in Ruby and possibly everywhere else where the compiler is
involved in the installation of some extensions from 3rd party repositories.


Vít


On 11. 03. 19 at 18:56, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/HardenedCompiler
>
> == Summary ==
> By default, enable a few security hardening flags which are used with GCC.
>
> == Owner ==
> * Name: [[User:huzaifas|Huzaifa Sidhpurwala]]
> * Email: huzaifas@xxxxxxxxxx
> * Release notes owner: huzaifas@xxxxxxxxxx
>
>
> == Detailed Description ==
> Currently GCC does not enable any security hardening flags by default.
> They have to be explicitly enabled by the developers one-by-one.
> Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags) however
> enables them and therefore has a hardened compiler by default. Each of
> these options can be explicitly disabled if required by the developer
> via a GCC command line flag.  I am currently proposing the following
> flags be enabled by default.
>
> '''-Wformat -Wformat-security -fstack-protector-strong
> --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -O'''
>
> {| class="wikitable"
> |-
> ! No !! Flag !! Use !! How to disable
> |-
> | 1 || -Wformat || Check calls to "printf" and "scanf", etc., to make
> sure that the arguments supplied have types appropriate to the format
> string specified, and that the conversions specified in the  format
> string make sense. || -Wno-format
> |-
> | 2 || -Wformat-security || If -Wformat is specified, also warn about
> uses of format functions that represent possible security problems.
> || -Wno-format should disable this as well
> |-
> | 3 || -fstack-protector-strong || Like -fstack-protector but includes
> additional functions to be protected --- those that have local array
> definitions, or have references to local frame addresses.
> || -fno-stack-protector
> |}
>
>
> == Benefit to Fedora ==
> We provide better security both for our packages and for
> applications/programs which users are building.
>
> == Scope ==
> * Proposal owners: Patch gcc to enable these options by default. Patch
> should be very simple, since the compile/link code isn't actually
> touched.
> * Other developers: Developers need to ensure that the Fedora package is
> built and that any build failures are corrected
> * Release engineering: [https://pagure.io/releng/issue/8204 #8204]
> * Policies and guidelines: The policies and guidelines do not need to
> be updated.
> * Trademark approval: Not needed for this change
>
> == Upgrade/compatibility impact ==
> None
>
> == How To Test ==
> Run "gcc -Q -v <foo.c>" to check if these flags are enabled by default
>
> == User Experience ==
> Fedora is more secure because the entire distribution is compiled with
> the correct security technologies enabled. Developers don't have to
> worry about enabling the right flags when they compile their
> application in Fedora because the compiler has them enabled by
> default.
>
> == Dependencies ==
> All packages will be rebuilt with new GCC options.
>
> == Contingency Plan ==
> * Contingency mechanism: Roll back the GCC options and use the default ones.
> * Contingency deadline: Beta Freeze
> * Blocks release? No
>
>
>
>
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
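
What the flags in the quoted table act on, as an added example that is not part of the original thread or the proposal: a format call that -Wformat-security reports beside its corrected form, and a function with a local array, which the table says -fstack-protector-strong protects. The function names and sample strings are constructed for illustration.

```c
/* Added example, not code from the proposal. To see the diagnostics, build
 * with the flags the proposal lists:
 *   gcc -O -Wformat -Wformat-security -fstack-protector-strong \
 *       -D_FORTIFY_SOURCE=2 -c example.c
 */
#include <stdio.h>
#include <string.h>

/* BEFORE: the caller-supplied string is used as the format itself.
 * -Wformat-security reports this call (format is not a string literal and
 * there are no format arguments), because any '%' in msg is interpreted
 * as a conversion instead of being copied as text. */
int render_unsafe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, msg);
}

/* AFTER: constant format string, input passed as data. No warning, and
 * '%' characters in msg are copied verbatim. */
int render_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "%s", msg);
}

/* This function defines a local array, so it falls in the set of functions
 * the table says -fstack-protector-strong protects. The bounded "%.12s"
 * conversion keeps the write inside tag[] regardless of the input length. */
int tag_message(char *out, size_t outlen, const char *msg)
{
    char tag[16];
    snprintf(tag, sizeof tag, "[%.12s]", msg);
    return render_safe(out, outlen, tag);
}
```

With -Wno-format, which the table lists as the way to disable flags 1 and 2, the diagnostic on render_unsafe disappears while the call itself is unchanged.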



