Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 6 Nov 2011 20:45:19 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: owl-dev@...ts.openwall.com
Subject: Re: %optflags for new gcc

On Sun, Nov 06, 2011 at 20:23 +0400, Vasiliy Kulikov wrote:
> > And it's a curious comment that "some vendors have patched the gcc to
> > make this option default" (regarding -fstack-protector).  Do you know
> > any examples?  Maybe Ubuntu (just a guess)?
> 
> Yes, Ubuntu does.

In Ubuntu's gcc (from Ubuntu 10.04, some of them might be included
upstream):

http://archive.ubuntu.com/ubuntu/pool/main/g/gcc-4.4/gcc-4.4_4.4.3-4ubuntu5.diff.gz

gcc-default-format-security.diff
# DP: Turn on -Wformat -Wformat-security by  default for C, C++, ObjC,
# ObjC++.


gcc-default-fortify-source.diff
# DP: Turn on -D_FORTIFY_SOURCE=2 by default for C, C++, ObjC, ObjC++.


gcc-default-relro.diff
# DP: Turn on -Wl,-z,relro by default.


gcc-default-ssp.diff
# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
# DP: Build libgcc using -fno-stack-protector.


libstdc++-pic.diff
# DP: Build and install libstdc++_pic.a library.


note-gnu-stack.diff
# DP: Add .note.GNU-stack sections for gcc's crt files, libffi and boehm-gc
# DP: Taken from FC.


testsuite-hardening-*
Fix testsuites to pass -W* checks


-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ