new default compiler flags
Kees Cook
kees at ubuntu.com
Sat May 3 01:15:45 BST 2008
In Edgy, we enabled "-fstack-protector" to gain protections against
stack overflow attacks. For Intrepid, we've added more:
-Wl,-z,relro
This is designed to provide some protection to ELF binaries so that
their runtime link maps are a less useful target for attackers.
Daemons and other programs that are more interested in security than
time-to-load can also add "-Wl,-z,now" for maximal benefit.
If this option causes problems, you can add "-Wl,-z,norelro" to LDFLAGS.
-Wformat -Wformat-security
This is designed to warn during compile-time about potentially unsafe
format string usage. Generally "%s" is missing: 'printf(buffer);'
instead of the correct 'printf("%s",buffer);'. These warnings will
frequently not point to security issues, but I urge everyone to fix
them if you see them anyway.
To disable format-security warnings when you run with -Wall, use
"-Wno-format-security". To disable all format warnings, use
"-Wformat=0".
-D_FORTIFY_SOURCE=2
This is going to cause the most pain for this release -- this option
enables checks for common unsafe usage of various libc functions (read,
strcpy, memcpy, sprintf, printf, system, etc.). Most of the errors will
be real things that need to be fixed in the source, with varying degrees
of importance. Even if they don't turn out to be serious issues, they
will improve the overall quality of code in Ubuntu.
To disable these checks, use "-U_FORTIFY_SOURCE" in your CPPFLAGS.
Further details and examples of failure conditions are written up in the
wiki: https://wiki.ubuntu.com/CompilerFlags
Thanks in advance for everyone's time and attention for fixing the
issues that will crop up. :)
-Kees
--
Kees Cook
Ubuntu Security Team
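The two source-level patterns the new warnings and _FORTIFY_SOURCE checks are aimed at, as an added example that is not from Kees's mail or from any Ubuntu package; the function names (format_spec_count, log_safe, copy_bounded) are this example's own, and the program assumes only the C standard library:

```c
#include <stdio.h>
#include <string.h>

/* Counts conversion directives in a string that is about to be used as a
 * printf format. "%%" is a literal percent sign, not a directive. A
 * non-zero result for caller-supplied text is exactly the risk behind the
 * 'printf(buffer)' pattern: every directive consumes a vararg that the
 * caller never passed. */
int format_spec_count(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

/* The pattern -Wformat -Wformat-security reports, beside its fix. The
 * unsafe line is kept as a comment so this file also builds cleanly under
 * -Werror=format-security:
 *     fprintf(stderr, text);            // text becomes the format: warned
 */
void log_safe(const char *text)
{
    fprintf(stderr, "%s\n", text);       /* text is data, never a format */
}

/* Replacement for the 'strcpy(dst, src)' / 'sprintf(dst, src)' patterns
 * that _FORTIFY_SOURCE=2 turns into a runtime abort when dst's size is
 * known to the compiler. Always NUL-terminates when dstsz > 0; returns 0
 * if src fit and -1 if it was truncated, so the caller can log or reject
 * the input instead of crashing. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    int written = snprintf(dst, dstsz, "%s", src);
    return (written >= 0 && (size_t)written < dstsz) ? 0 : -1;
}
```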