On Tue, Aug 29, 2023 at 09:11:35PM +0100, Sam James via Gcc-patches wrote:
>
> Marek Polacek via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
>
> > Improving the security of software has been a major trend in the recent
> > years. Fortunately, GCC offers a wide variety of flags that enable extra
> > hardening. These flags aren't enabled by default, though. And since
> > there are a lot of hardening flags, with more to come, it's been difficult
> > to keep on top of them; more so for the users of GCC who ought not to be
> > expected to keep track of all the new options.
> >
> > To alleviate some of the problems I mentioned, we thought it would
> > be useful to provide a new umbrella option that enables a reasonable set
> > of hardening flags. What's "reasonable" in this context is not easy to
> > pin down. Surely, there must be no ABI impact, the option cannot cause
> > severe performance issues, and, I suspect, it should not cause build
> > errors by enabling stricter compile-time errors (such as, -Wimplicit-int,
> > -Wint-conversion). Including a controversial option in -fhardened
> > would likely cause that users would not use -fhardened at all. It's
> > roughly akin to -Wall or -O2 -- those also enable a reasonable set of
> > options, and evolve over time, and are not kept in sync with other
> > compilers.
> >
> > Currently, -fhardened enables:
>
> Right now, we patch the compiler in Gentoo to default to these
> (some always, some only if the user requests hardening).
>
> It's a bit invasive (trivial, but just a bit messy) and it gets
> pretty tedious to rebase it.

Yeah, I bet.

> I'd find it really helpful to be able
> to instead default on -fhardened from a maintenance perspective.

That's good feedback.

> >
> > -D_FORTIFY_SOURCE=3 (or =2 for older glibcs)
> > -D_GLIBCXX_ASSERTIONS
> > -ftrivial-auto-var-init=zero
> > -fPIE -pie -Wl,-z,relro,-z,now
> > -fstack-protector-strong
> > -fstack-clash-protection
> > -fcf-protection=full (x86 GNU/Linux only)
> >
>
> ... and I also think it's going to be useful for people when
> debugging/developing. We can tell them to simply use -fhardened and
> then they'll know the compiler will give them the equivalent of -Wall
> in terms of sanity checks to help find problems.
>
> It should be useful for folks who just want to slap it in their CI as
> well without keeping up with the various new developments and compiler
> features.

Yup, pretty much the intended usage.

Thanks!

Marek
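Added example, not from this thread and not part of GCC or the -fhardened patch: a POSIX shell check, of the kind the CI usage above calls for, that classifies `readelf` output against the three link-time properties in the flag list that are visible in ELF metadata (PIE from `-fPIE -pie`, full RELRO from `-Wl,-z,relro,-z,now`, and a stack protector from `-fstack-protector-strong`). The readelf excerpts are constructed, and `classify_hardening` / `is_hardened` are names chosen here.

```shell
#!/bin/sh
# Classify the hardening properties of an ELF binary from the text of
# `readelf -h -l -d -s -W <binary>`.  Added example, not GCC's own code.

# Constructed readelf excerpt for a binary linked with
# -fPIE -pie -Wl,-z,relro,-z,now and compiled with -fstack-protector-strong.
HARDENED_SAMPLE='  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)'

# Constructed readelf excerpt for a plain `gcc -O2` build: non-PIE,
# partial RELRO only (no BIND_NOW), no stack protector reference.
PLAIN_SAMPLE='  Type:                              EXEC (Executable file)
  GNU_RELRO      0x002db8 0x0000000000403db8 0x0000000000403db8 0x000248 0x000248 R   0x1'

# Prints one line: pie=<yes|no> relro=<full|partial|none> stack_protector=<yes|no>
# Caveats: a shared library also reports DYN, and __stack_chk_fail is only
# referenced when at least one function actually got a protected frame.
classify_hardening() {
  input="$1"
  pie=no
  printf '%s\n' "$input" | grep -q 'Type:.*DYN' && pie=yes
  relro=none
  if printf '%s\n' "$input" | grep -q 'GNU_RELRO'; then
    relro=partial
    printf '%s\n' "$input" | grep -q 'BIND_NOW' && relro=full
  fi
  sp=no
  printf '%s\n' "$input" | grep -q '__stack_chk_fail' && sp=yes
  printf 'pie=%s relro=%s stack_protector=%s\n' "$pie" "$relro" "$sp"
}

# Succeeds only when every property is present, so it can gate a CI job.
is_hardened() {
  [ "$(classify_hardening "$1")" = "pie=yes relro=full stack_protector=yes" ]
}

# On a real binary: is_hardened "$(readelf -h -l -d -s -W "$binary")" || exit 1
```

The check covers only what the ELF headers expose; `-D_FORTIFY_SOURCE`, `-fstack-clash-protection` and `-fcf-protection` need separate verification (for example, fortified `__*_chk` symbols and the `.note.gnu.property` section).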