Compilation security options for shared libraries and executables (daemon) with G++ 4.9.2
Some Developer
someukdeveloper@gmail.com
Sun Dec 7 13:00:00 GMT 2014
Hi,
Currently I am compiling my shared library with the following options:
-Wformat=2 -fPIC -fpic -fstack-protector-strong -Wl,-z,relro,-z,now
and my executable (Linux daemon) with these options:
-Wformat=2 -fPIE -pie -fstack-protector-strong -Wl,-z,relro,-z,now
and when I compile in release mode I add:
-D_FORTIFY_SOURCE=2
The question is have I got these options right? The real question is
have I got the -fPIC and -fPIE options the right way round (when
compiling for libraries versus executables)?
Also are there any more options I should be adding to make sure I have
compiled in the best possible buffer overflow protection possible?
This is a network daemon so I kind of need everything that is
available.
Cheers.
More information about the Gcc-help
mailing list