Re: Compilation security options for shared libraries and executables (daemon) with G++ 4.9.2

On 07/12/14 13:21, Marc Glisse wrote:
> On Sun, 7 Dec 2014, Some Developer wrote:
>
>> Currently I am compiling my shared library with the following options:
>>
>> -Wformat=2 -fPIC -fpic -fstack-protector-strong -Wl,-z,relro,-z,now
>
> What documentation did you read that led you to have both -fPIC and
> -fpic on the same command line? The man page seems very clear to me.

Ah, I guess I misread that section of the info page. I'll remove the extra command line option in both sets of compilation flags.

>> and my executable (Linux daemon) with these options:
>>
>> -Wformat=2 -fPIE -pie -fstack-protector-strong -Wl,-z,relro,-z,now
>>
>> and when I compile in release mode I add:
>>
>> -D_FORTIFY_SOURCE=2
>>
>> The question is have I got these options right? The real question is
>> have I got the -fPIC and -fPIE options the right way round (when
>> compiling for libraries versus executables)?
>>
>> Also are there any more options I should be adding to make sure I have
>> compiled in the best possible buffer overflow protection possible?
>> This is a network daemon so I kind of need everything that is
>> available.
>
> You could look at -fsanitize=address maybe? (not a recommendation, just
> a pointer)

Cool, I'll check the info page for that.

Thanks.
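
Added example, not part of the original message or of GCC's documentation: a shell function that reads `readelf -h -l -d --dyn-syms` output and reports whether the flags discussed in this thread (-fPIE -pie, -Wl,-z,relro,-z,now, -fstack-protector-strong, -D_FORTIFY_SOURCE=2) left their marks in the built binary. The names `check_hardening`, `sample_hardened` and `sample_plain` and the readelf excerpts are constructed for illustration.

```shell
#!/bin/sh
# Usage on a real binary (assumes binutils readelf is installed):
#   readelf -h -l -d --dyn-syms ./mydaemon | check_hardening
# Reads readelf text on stdin, prints one "name=yes|no" line per mitigation.
check_hardening() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -E "$1" >/dev/null && echo yes || echo no; }

    # -fPIE -pie: a PIE executable has ELF type DYN. Shared libraries are
    # DYN too, so this line is only meaningful for the daemon binary.
    echo "pie=$(has '^[[:space:]]*Type:[[:space:]]+DYN')"
    # -Wl,-z,relro: the linker adds a GNU_RELRO program header.
    echo "relro=$(has 'GNU_RELRO')"
    # -Wl,-z,now: shown as a BIND_NOW entry or in FLAGS / FLAGS_1.
    echo "bind_now=$(has '\(BIND_NOW\)|\(FLAGS(_1)?\).*NOW')"
    # -fstack-protector-strong: protected functions reference __stack_chk_fail.
    echo "stack_protector=$(has '__stack_chk_fail')"
    # -D_FORTIFY_SOURCE=2 (needs optimisation): calls become __memcpy_chk etc.
    # "no" can also mean the code simply has no fortifiable calls.
    echo "fortify=$(has '__[a-z0-9_]+_chk(@|[[:space:]]|$)')"
}

# Constructed readelf excerpts (not from a real build) for an offline demo.
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x0000000000002db0 0x0000000000003db0 0x0000000000003db0
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}
sample_plain() { cat <<'EOF'
  Type:                              EXEC (Executable file)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
EOF
}

echo "hardened sample:"; sample_hardened | check_hardening
echo "plain sample:";    sample_plain | check_hardening
```
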



