new default compiler flags

Kees Cook kees at ubuntu.com
Sat May 3 01:15:45 BST 2008


In Edgy, we enabled "-fstack-protector" to gain protections against
stack overflow attacks.  For Intrepid, we've added more:

-Wl,-z,relro

 This is designed to provide some protection to ELF binaries so they
 can have their runtime link maps not as useful a target for attackers.
 Daemons and other programs that are more interested in security than
 time-to-load can also add "-Wl,-z,now" for maximal benefit.

 If this option causes problems, you can add "-Wl,-z,norelro" to LDFLAGS.

-Wformat -Wformat-security

 This is designed to warn during compile-time about potentially unsafe
 format string usage.  Generally "%s" is missing: 'printf(buffer);'
 instead of the correct 'printf("%s",buffer);'  These warnings will
 frequently not point to security issues, but I urge everyone to fix
 them if you see them anyway.

 To disable format-security warnings when you run with -Wall, use
 "-Wno-format-security".  To disable all format warnings, use
 "-Wformat=0".
 
-D_FORTIFY_SOURCE=2

 This is going to cause the most pain for this release -- this option
 enables checks for common unsafe usage of various libc functions (read,
 strcpy, memcpy, sprintf, printf, system, etc).  Most of the errors will
 be real things that need to be fixed in the source, with varying degree
 of importance.  Even if they don't turn out to be serious issues, they
 will improve the overall quality of code in Ubuntu.

 To disable these checks, use "-U_FORTIFY_SOURCE" in your CPPFLAGS.

Further details and examples of failure conditions are written up in the
wiki: https://wiki.ubuntu.com/CompilerFlags

Thanks in advance for everyone's time and attention for fixing the
issues that will crop up.  :)

-Kees

-- 
Kees Cook
Ubuntu Security Team
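As an added example (not part of Kees's mail or of Ubuntu's own tooling), here is a small POSIX shell check a packager could use to confirm that "-Wl,-z,relro" and "-Wl,-z,now" actually took effect in a built binary, by classifying its RELRO state from readelf output. The full/partial/none labels, the readelf patterns matched, and the sample readelf lines are my own assumptions and constructed data.

```shell
#!/bin/sh
# Added example: classify an ELF binary's RELRO state from `readelf` output.
# Rule (assumption, in the spirit of checksec-style tools):
#   GNU_RELRO segment present + BIND_NOW in the dynamic section -> "full"
#   GNU_RELRO segment present, lazy binding still allowed      -> "partial"
#   no GNU_RELRO segment                                        -> "none"

# Pure-text classifier so it can be tested without a toolchain.
# $1 = output of `readelf -lW BIN` (program headers)
# $2 = output of `readelf -dW BIN` (dynamic section)
relro_status_from_text() {
    phdrs=$1
    dyn=$2
    if printf '%s\n' "$phdrs" | grep -q 'GNU_RELRO'; then
        # Newer ld reports -z now as "(FLAGS) BIND_NOW" and "(FLAGS_1) ... NOW";
        # older ld emitted a bare "(BIND_NOW)" tag. Match all three spellings.
        if printf '%s\n' "$dyn" | grep -Eq 'BIND_NOW|\(FLAGS_1\).*NOW'; then
            echo full
        else
            echo partial
        fi
    else
        echo none
    fi
}

# Wrapper for a real binary (needs binutils' readelf on PATH).
relro_status() {
    relro_status_from_text "$(readelf -lW "$1")" "$(readelf -dW "$1")"
}

# Constructed sample readelf lines covering the three cases.
SAMPLE_PHDR_RELRO='  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1'
SAMPLE_PHDR_NORELRO='  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000628 0x000628 R   0x1000'
SAMPLE_DYN_NOW=' 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE'
SAMPLE_DYN_LAZY=' 0x000000006ffffffb (FLAGS_1)            Flags: PIE'

# Usage when run directly: ./check_relro.sh /path/to/binary
if [ $# -eq 1 ]; then
    printf '%s: RELRO %s\n' "$1" "$(relro_status "$1")"
fi
```

A binary built with only "-Wl,-z,relro" reports "partial"; adding "-Wl,-z,now" as the mail suggests for daemons moves it to "full".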