Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build with more secure GCC flags #616

Closed
DrWhax opened this issue Aug 4, 2012 · 1 comment
Closed

Build with more secure GCC flags #616

DrWhax opened this issue Aug 4, 2012 · 1 comment

Comments

@DrWhax
Copy link

DrWhax commented Aug 4, 2012

Hi,

I think it would be wise to use some more secure GCC flags to add an extra layer of security.

http://wiki.debian.org/Hardening

"-fstack-protector-all -D_FORTIFY_SOURCE=2 -O1 -Wl,-z,relro,-z,now -fPIE -pie"

When compiled, you could check with http://www.trapkit.de/tools/checksec.html if the GCC build is correctly build with the security GCC flags.

No idea on the performance impact, might be around 10/15% ..
@pietern
Copy link
Contributor

pietern commented Aug 6, 2012

Performance is critical to Redis. If you have a suggestion for specific flags, please include the performance impact.

Redis shouldn't run in unprotected networks, or have setuid set, as examples of why this doesn't have a high priority.

Closing this issue. Please feel free to reopen when you have more information. Thanks.

@pietern pietern closed this as completed Aug 6, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pietern @DrWhax