[GRASS-dev] Compilation: hardening

Comment(by hamish):
a guess- recent versions of Debian (and thus Ubuntu) packaging rules add
hardening flags to the compiler CFLAGS. I believe one of the results of
this is that it forces programs to crash instead of continuing on in a
memory-corrupted state. It also adds a number of warnings to the compile
log when it suspects something bad could happen.

see https://wiki.debian.org/Hardening

This might be very useful. Do you have some exact suggestion what flags to

use?

On Ubuntu 12.04 I get:

$ dpkg-buildflags
CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security
CPPFLAGS=-D_FORTIFY_SOURCE=2
CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security
FFLAGS=-g -O2
LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro

So, I will put this into my configure script wrapper.

Vaclav

You only get those flags for a self-compile if you add them manually or if
you use the package build scripts.

regards,
Hamish

--
Ticket URL: <https://trac.osgeo.org/grass/ticket/2235#comment:5&gt;
GRASS GIS <http://grass.osgeo.org>

_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev