[ 
https://issues.apache.org/jira/browse/MESOS-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aaron Wood updated MESOS-6229:
------------------------------
    Description: 
Provide a default set of hardened compilation flags to help protect against 
overflows and other attacks. Apply to libprocess and stout as well. Current set 
of flags that were discussed on slack to implement:

-Wformat-security
-Wstack-protector
-fstack-protector-all
-pie
-fPIE 
-D_FORTIFY_SOURCE=2
-O2 (possibly -O3 for greater optimizations, up for discussion)
-Wl,-z,relro,-z,now
-fno-omit-frame-pointer
-fstack-protector-strong (-fstack-protector-all might be overkill, it could be 
more effective to use this. Requires gcc >= 4.9)


  was:
Provide a default set of hardened compilation flags to help protect against 
overflows and other attacks. Apply to libprocess and stout as well. Current set 
of flags that were discussed on slack to implement:

-Wformat-security
-fstack-protector-all -Wstack-protector
-pie -fPIE 
-D_FORTIFY_SOURCE=2 -O2
-Wl,-z,relro,-z,now
-fno-omit-frame-pointer


> Default to using hardened compilation flags
> -------------------------------------------
>
>                 Key: MESOS-6229
>                 URL: https://issues.apache.org/jira/browse/MESOS-6229
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Aaron Wood
>            Assignee: Aaron Wood
>            Priority: Minor
>              Labels: c++, clang, gcc, security
>
> Provide a default set of hardened compilation flags to help protect against 
> overflows and other attacks. Apply to libprocess and stout as well. Current 
> set of flags that were discussed on slack to implement:
> -Wformat-security
> -Wstack-protector
> -fstack-protector-all
> -pie
> -fPIE 
> -D_FORTIFY_SOURCE=2
> -O2 (possibly -O3 for greater optimizations, up for discussion)
> -Wl,-z,relro,-z,now
> -fno-omit-frame-pointer
> -fstack-protector-strong (-fstack-protector-all might be overkill, it could 
> be more effective to use this. Requires gcc >= 4.9)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
