bug-standards

Re: Document hardening flags in the coding standards


From: Florian Weimer
Subject: Re: Document hardening flags in the coding standards
Date: Thu, 05 Jul 2012 12:37:14 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0

On 07/05/2012 12:12 AM, Karl Berry wrote:
> Hi Florian,
>
>      would it make sense to document the C/C++ hardening compiler flags in
>      the coding standards, and recommend that they are always switched on if
>      possible?
>
> I'm not sure.  I asked rms.
>
> It would probably be best for the coding standards only to link to
> pages in the GCC/GLIBC/whatever manuals about them, in any case, rather
> than have a list of specific flags, which will surely change over time
> or have details that need describing, etc.  Are there suitable targets
> now that I could look at?  (I took a quick look but didn't see it.)

The pages do not exist yet. To get the best available protection, you need to combine several features. The kernel part is applied automatically, but other features are split between libc and GCC, so neither manual would give readers the full picture. That's why I was looking for a place to put the combined documentation.

I understand that I cannot document kernel features there, but this doesn't matter because the kernel either has them or it hasn't; there is nothing the programmer could do.

--
Florian Weimer / Red Hat Product Security Team




