Hi, Currently I am compiling my shared library with the following options: -Wformat=2 -fPIC -fpic -fstack-protector-strong -Wl,-z,relro,-z,now and my executable (Linux daemon) with these options: -Wformat=2 -fPIE -pie -fstack-protector-strong -Wl,-z,relro,-z,now and when I compile in release mode I add: -D_FORTIFY_SOURCE=2 The question is have I got these options right? The real question is have I got the -fPIC and -fPIE options the right way round (when compiling for libraries versus executables)? Also are there any more options I should be adding to make sure I have compiled in the best possible buffer overflow protection possible? This is a network daemon so I kind of need everything that is available. Cheers.
