On Sun, 7 Dec 2014, Some Developer wrote:
Currently I am compiling my shared library with the following options: -Wformat=2 -fPIC -fpic -fstack-protector-strong -Wl,-z,relro,-z,now
What documentation did you read that led you to have both -fPIC and -fpic on the same command line? The man page seems very clear to me.
and my executable (Linux daemon) with these options:

-Wformat=2 -fPIE -pie -fstack-protector-strong -Wl,-z,relro,-z,now

and when I compile in release mode I add:

-D_FORTIFY_SOURCE=2

The question is have I got these options right? The real question is have I got the -fPIC and -fPIE options the right way round (when compiling for libraries versus executables)?

Also are there any more options I should be adding to make sure I have compiled in the best possible buffer overflow protection possible? This is a network daemon so I kind of need everything that is available.
You could look at -fsanitize=address maybe? (not a recommendation, just a pointer)
-- Marc Glisse