[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

Agostino Sarubbo changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #7 from Agostino Sarubbo ---
Let's make a bit of clarification.

This bug is intended as a general improvement idea. I never said to talk for
Gentoo nor to talk on behalf of the Gentoo toolchain project (which I'm not
part of). If people get confused about the fact that I was speaking for
Gentoo, then I'm sorry but that was outside my intention.

@Andreas K. Huettel: Sam James already stated that I'm not speaking for
Gentoo/Gentoo Toolchain, so I understand that repeating it makes you happier
and you are free to do that. However, stating 'please ignore this bug' is a
bit disrespectful.

I'm closing by myself.
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

Andreas K. Huettel changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dilfridge at gentoo dot org

--- Comment #6 from Andreas K. Huettel ---
Please ignore this bug. Ago is not a member of the Gentoo toolchain team and
does not speak for it.

I am sorry for the spam.

Regards,
Andreas
(Gentoo Toolchain team lead)
https://wiki.gentoo.org/wiki/Project:Toolchain
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

Sam James changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |arsen at gcc dot gnu.org,
                   |                            |sjames at gcc dot gnu.org,
                   |                            |toolchain at gentoo dot org

--- Comment #5 from Sam James ---
This doesn't represent our position in packaging GCC in Gentoo and I don't
know why this bug was filed. Agostino isn't affiliated with that work.

If we have proposals to make, we'll make them, but we don't have any in the
works. We supported the -fhardened proposal and were pleased to see it make
it into 14.
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

--- Comment #4 from Jonathan Wakely ---
(In reply to Agostino Sarubbo from comment #0)
> Fedora (there are other unrelated patches):
> https://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/source/tree/Packages/g/gcc-13.2.1-5.fc40.src.rpm

Fedora GCC doesn't change defaults from upstream. Flags like
-D_FORTIFY_SOURCE=3 are added by the Fedora build system when building RPMs,
they are not hardcoded as defaults into gcc itself.
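
Comment #4's distinction between defaults built into the compiler and flags a distro build system passes can be checked from the driver's own output when no hardening flags are given. This is an added example, not part of the thread or of GCC: the function names and both sample outputs are constructed, and -fstack-protector-strong is an assumption beyond the flags listed in comment #2.

```shell
#!/bin/sh
# Added example: what does a GCC driver enable when no hardening flags are given?
# Sample outputs below are constructed, not captured from any distro compiler.

# option_state OPT: read `gcc -Q --help=common` output on stdin and print
# "enabled", "disabled", or "unknown" when the option is not listed.
option_state() {
    awk -v opt="$1" '
        $1 == opt { state = ($NF == "[enabled]") ? "enabled" : "disabled"; found = 1 }
        END { print (found ? state : "unknown") }'
}

# fortify_level: read `gcc -O2 -dM -E -x c /dev/null` output on stdin and print
# the predefined _FORTIFY_SOURCE value, or "unset" if the driver defines none.
fortify_level() {
    awk '$1 == "#define" && $2 == "_FORTIFY_SOURCE" { print $3; found = 1; exit }
         END { if (!found) print "unset" }'
}

# audit Q_OUTPUT MACRO_OUTPUT: print one NAME=STATE line per setting.
audit() {
    for opt in -fstack-clash-protection -fstack-protector-strong; do
        printf '%s=%s\n' "$opt" "$(printf '%s\n' "$1" | option_state "$opt")"
    done
    printf '_FORTIFY_SOURCE=%s\n' "$(printf '%s\n' "$2" | fortify_level)"
}

# audit_local: same report for the gcc on PATH (defined, not called here).
audit_local() {
    audit "$(gcc -Q --help=common 2>/dev/null)" \
          "$(gcc -O2 -dM -E -x c /dev/null 2>/dev/null)"
}

# Constructed samples: a driver with no built-in hardening defaults, and one
# whose defaults were changed at build time (by patch or spec file).
Q_UNPATCHED='  -fstack-clash-protection            [disabled]
  -fstack-protector-strong            [disabled]'
M_UNPATCHED='#define __OPTIMIZE__ 1'
Q_PATCHED='  -fstack-clash-protection            [enabled]
  -fstack-protector-strong            [enabled]'
M_PATCHED='#define __OPTIMIZE__ 1
#define _FORTIFY_SOURCE 3'

echo "== unpatched-style driver =="; audit "$Q_UNPATCHED" "$M_UNPATCHED"
echo "== patched-style driver ==";   audit "$Q_PATCHED" "$M_PATCHED"
```

A driver that reports everything disabled or unset can still produce hardened packages when the build system passes the flags explicitly, so this audit describes the compiler, not the binaries a distro ships.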
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

Eric Gallager changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |egallager at gcc dot gnu.org,
                   |                            |mpolacek at gcc dot gnu.org

--- Comment #3 from Eric Gallager ---
(In reply to Agostino Sarubbo from comment #2)
> I don't know if I was able to provide the concept, but in other words if we
> know that something like -fstack-clash-protection is widely used nowadays,
> it makes no sense to rebase patches for 10 years and then in 2033 make the
> proper configure option :)
>
> > What's the flag you want to enable this time?
>
> I'm not a gcc downstream maintainer so I can speak for what I can see as
> external people, so you might want to involve downstream maintainers.
> From what I can see I'd say that a starting point is:
>
> -D_FORTIFY_SOURCE=2
> -D_FORTIFY_SOURCE=3
> -fstack-clash-protection
> -fcf-protection
> -z,relro / -z now
> _GLIBCXX_ASSERTIONS
> -Wformat
> -Wformat-security

This sounds like basically the same set of options enabled by the new
-fhardened flag coming in GCC 14?
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

--- Comment #2 from Agostino Sarubbo ---
I don't know if I was able to provide the concept, but in other words if we
know that something like -fstack-clash-protection is widely used nowadays, it
makes no sense to rebase patches for 10 years and then in 2033 make the
proper configure option :)

> What's the flag you want to enable this time?

I'm not a gcc downstream maintainer so I can speak for what I can see as
external people, so you might want to involve downstream maintainers.
From what I can see I'd say that a starting point is:

-D_FORTIFY_SOURCE=2
-D_FORTIFY_SOURCE=3
-fstack-clash-protection
-fcf-protection
-z,relro / -z now
_GLIBCXX_ASSERTIONS
-Wformat
-Wformat-security
[Bug other/112897] Have a configure option for all common flags used by default on distros
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897

--- Comment #1 from Richard Biener ---
We don't want people to go wild with changing defaults and delivering a
totally different (bad?) experience or doing that too easily. You can always
use specs to do this for example.

But yeah, SUSE carries a patch adding a 'defaults.spec' for this.

What's the flag you want to enable this time? IMHO different configure flags
for hardening defaults are the way to go.