Hi,

would it make sense to document the C/C++ hardening compiler flags in the coding standards, and recommend that they are always switched on if possible? This includes -D_FORTIFY_SOURCE=1, -fstack-protector, and possibly -fPIE, -pie and the options affecting dynamic linking.

We also need to add _FORTIFY_SOURCE documentation to the libc manual.

Regards,
Florian
-- 
Florian Weimer / Red Hat Product Security Team
