Compilation security options for shared libraries and executables (daemon) with G++ 4.9.2
Some Developer
someukdeveloper@gmail.com
Sun Dec 7 13:34:00 GMT 2014
On 07/12/14 13:21, Marc Glisse wrote:
> On Sun, 7 Dec 2014, Some Developer wrote:
>
>> Currently I am compiling my shared library with the following options:
>>
>> -Wformat=2 -fPIC -fpic -fstack-protector-strong -Wl,-z,relro,-z,now
>
> What documentation did you read that led you to have both -fPIC and
> -fpic on the same command line? The man page seems very clear to me.
>
Ah, I guess I misread that section of the info page. I'll remove the extra
command line option in both sets of compilation flags.
>> and my executable (Linux daemon) with these options:
>>
>> -Wformat=2 -fPIE -pie -fstack-protector-strong -Wl,-z,relro,-z,now
>>
>> and when I compile in release mode I add:
>>
>> -D_FORTIFY_SOURCE=2
>>
>> The question is have I got these options right? The real question is
>> have I got the -fPIC and -fPIE options the right way round (when
>> compiling for libraries versus executables)?
>>
>> Also are there any more options I should be adding to make sure I have
>> compiled in the best possible buffer overflow protection possible?
>> This is a network daemon so I kind of need everything that is
>> available.
>
> You could look at -fsanitize=address maybe? (not a recommendation, just
> a pointer)
>
Cool, I'll check the info page for that.
Thanks.
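
One way to confirm that the flags discussed in this thread actually took effect in a built library or daemon, as an added example that is not part of the original messages: a shell function that summarises `readelf` output. The function names, the binary path in the comment and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use (hypothetical binary path):
#   readelf -W -h -l -d --dyn-syms ./mydaemon | check_hardening
check_hardening() {
    report=$(cat)
    has() { printf '%s\n' "$report" | grep -Eq "$1"; }

    # -fPIE -pie and -fPIC -shared both yield ELF type DYN; a non-PIE
    # executable is type EXEC and loads at a fixed address.
    if has '^[[:space:]]*Type:[[:space:]]+DYN'; then dyn=yes; else dyn=no; fi

    # -z relro adds a GNU_RELRO segment; -z now adds BIND_NOW (or NOW in
    # FLAGS_1). Both together make the GOT read-only after startup.
    relro=none
    if has '^[[:space:]]*GNU_RELRO'; then
        relro=partial
        if has '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW'; then relro=full; fi
    fi

    # -fstack-protector-strong makes protected functions call __stack_chk_fail.
    if has '__stack_chk_fail'; then canary=yes; else canary=no; fi

    # _FORTIFY_SOURCE (effective only with optimisation on) redirects calls
    # such as memcpy to __memcpy_chk. "no" can also mean nothing qualified.
    if has ' __[a-z_]+_chk(@|$| )'; then fortify=yes; else fortify=no; fi

    printf 'dyn=%s relro=%s canary=%s fortify=%s\n' "$dyn" "$relro" "$canary" "$fortify"
}

# Constructed readelf excerpts (not taken from a real build).
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002d90 0x0000000000003d90 0x0000000000003d90 0x000270 0x000270 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     4: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}
sample_plain() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_RELRO      0x002e10 0x0000000000403e10 0x0000000000403e10 0x0001f0 0x0001f0 R   0x1
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
EOF
}

sample_hardened | check_hardening   # dyn=yes relro=full canary=yes fortify=yes
sample_plain | check_hardening      # dyn=no relro=partial canary=no fortify=no
```

A `canary=no` or `fortify=no` result on a small binary does not prove the flag was missing, since the compiler only instruments functions and calls that qualify.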