Hi All, I generally use flags and switches very similar to Debian's hardening script [1]. The flags and switches include: * -Wall -Wextra * -DSAFEINT_DISALLOW_UNSIGNED_NEGATION (LeBlanc's SafeInt class) * -Wformat=2 -Wformat-security * -D_FORTIFY_SOURCE=2 (debug builds) * -D_GLIBCXX_DEBUG (debug builds) * -fstack-protector * -Wl,-z,now (perform all fixups immediately) * -Wl,-z,relro (read only GOT) * -fPIE (ASLR on an executable) Are there any other switches which others find useful or improve a posture? [1] http://anonscm.debian.org/viewvc/hardening/hardening-wrapper/debian/README.Debian?revision=114&view=markup
