Evaluate -fsanitize-minimal-runtime for possible hardening #326

Open
david-a-wheeler opened this issue Dec 1, 2023 · 1 comment

@david-a-wheeler
Contributor

In https://news.ycombinator.com/item?id=38478866 nlewycky reports the following:

Also! While the usual sanitizer runtime libraries aren't security hardened for use in production environments, for UBSan there's -fsanitize-minimal-runtime which switches to a different runtime library that is intended for this purpose (or use -fsanitize-trap=... instead, which executes an illegal instruction on error). Note that if your program terminates with a UBSan error, an attacker who can check whether your program terminated or not could use that as a primitive to leak data, so consider the security impact on your use case carefully. UBSan has a quite small performance impact when building with optimization, so you could deploy to production with it enabled, or parts of it enabled.

I'd like some feedback from the various distros & such. Is there a big drawback to this? It sounds potentially helpful, but I don't have any experience doing this for production.
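
For reference, the two build modes named in the quoted comment, applied to a small C file. This is an added example, not code from the issue, its participants or the OpenSSF guide; `rate_table`, `cost_unchecked`, `cost_checked` and `demo.c` are hypothetical names, and the table values are constructed.

```c
/* Build with Clang, one of:
 *   clang -O2 -fsanitize=signed-integer-overflow,bounds \
 *         -fsanitize-minimal-runtime demo.c
 *   clang -O2 -fsanitize=signed-integer-overflow,bounds \
 *         -fsanitize-trap=signed-integer-overflow,bounds demo.c
 * The first links the minimal runtime, which logs a short message; add
 * -fno-sanitize-recover=signed-integer-overflow,bounds to abort as well.
 * The second links no runtime and executes a trap instruction on error.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample data: price per unit for four product tiers. */
static const int32_t rate_table[4] = {10, 20, 40, 80};

/* Unchecked: an idx outside 0..3 or a large qty is undefined behaviour.
 * In a sanitized build this is where the check fires. */
int32_t cost_unchecked(int idx, int32_t qty) {
    return rate_table[idx] * qty;
}

/* Checked: bad input becomes an ordinary error return, so no sanitizer
 * check fires and process termination does not depend on
 * attacker-supplied values on this path. */
bool cost_checked(int idx, int32_t qty, int32_t *out) {
    if (idx < 0 || idx >= 4)
        return false;
    return !__builtin_mul_overflow(rate_table[idx], qty, out);
}

int main(int argc, char **argv) {
    int idx = argc > 1 ? atoi(argv[1]) : 3;
    int32_t qty = argc > 2 ? (int32_t)atol(argv[2]) : INT32_MAX;
    int32_t out;

    if (cost_checked(idx, qty, &out))
        printf("checked:   %d\n", (int)out);
    else
        puts("checked:   rejected");
    /* With the defaults (3, INT32_MAX) this multiplication overflows. */
    printf("unchecked: %d\n", (int)cost_unchecked(idx, qty));
    return 0;
}
```

Keeping explicit validation on input-driven paths, as in `cost_checked`, leaves the sanitizer as a backstop for bugs nobody anticipated rather than the primary error path.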

@SecurityCRob
Contributor

Has this been addressed by the C/C++ Compiler Hardening options guide? @gkunz @thomasnyman @david-a-wheeler
