When compiling compilers, make their defaults secure #261
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
@eslerm @thomasnyman - comments?
Perhaps refer to Ubuntu's compiler flag wiki page, as this is what Ubuntu already does. (I'm not aware of any other distro that enables hardening options in their compiler, unfortunately.)
The Ubuntu compiler flag wiki page is out of date when it comes to PIE (flags are not set, but compiler is built with
Depending upon the context of the discussion, either one might be appropriate. A developer looking for the 'best' options to use in their build might want the
I believe Gentoo also defaults to enabling many hardening features in their toolchain.
clang sets
However, gcc itself does not.
docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
LGTM except for the small nit-pick.
docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
I can understand the rationale for including this, but I'm not so sure about whether the introductory section (which is already rather long) is the best place for this. I'm mindful of the feedback we have received regarding the amount of prose. I'm also not a big fan of jumping straight into specific options in this section (apart from the TLDR). Would this be a better fit as either a separate section or appendix with the options in a table for consistency?
Let's move it later into its own section. Most people don't compile their own compilers.
docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
You can see what we do at https://wiki.gentoo.org/wiki/Hardened/Toolchain#Changes. We don't set any of that via flags-per-package, instead via either patches or configure arguments to GCC or Binutils. For Clang, we use config files in I'm happy to help describe what we do and also document how others can do the same, as well as anything else you think I can help with. @jvoisin and I have also been working on https://github.com/jvoisin/compiler-flags-distro.
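A way to check which hardening defaults a given compiler build already has, relevant to the distro comparisons in the comments above. This is an added example, not code from this PR or from any project mentioned in the thread; it reads the predefined macros that GCC and Clang set for PIE, stack protector, `_FORTIFY_SOURCE` and CET. The function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which hardening features a compiler enables when the
# build passes no hardening flags, judged from its predefined macros.

# Dump the predefined macros of the compiler named in $1 (default: cc).
# -O2 is passed because some distro toolchains enable _FORTIFY_SOURCE by
# default only when optimizing.
dump_macros() {
    "${1:-cc}" -O2 -dM -E -x c /dev/null
}

# Read a macro dump on stdin and print one "feature=state" line per check.
hardening_defaults() {
    awk '
        $1 == "#define" { m[$2] = $3 }
        END {
            print "pie=" (("__PIE__" in m) ? "on" : "off")
            # Exactly one __SSP*__ macro is defined per stack-protector mode.
            if ("__SSP_ALL__" in m) ssp = "all"
            else if ("__SSP_STRONG__" in m) ssp = "strong"
            else if ("__SSP_EXPLICIT__" in m) ssp = "explicit"
            else if ("__SSP__" in m) ssp = "basic"
            else ssp = "off"
            print "stack_protector=" ssp
            print "fortify_source=" (("_FORTIFY_SOURCE" in m) ? m["_FORTIFY_SOURCE"] : "off")
            print "cet=" (("__CET__" in m) ? "on" : "off")
        }'
}

# Constructed sample dumps (not captured from any real toolchain).
sample_hardened() {
    printf '%s\n' '#define __PIE__ 2' '#define __pie__ 2' \
        '#define __SSP_STRONG__ 3' '#define _FORTIFY_SOURCE 3' '#define __CET__ 3'
}
sample_plain() {
    printf '%s\n' '#define __GNUC__ 13' '#define __x86_64__ 1'
}

# Demo on the constructed samples. On a real system, run instead:
#   dump_macros gcc | hardening_defaults
echo "hardened-by-default sample:"; sample_hardened | hardening_defaults
echo "plain sample:";               sample_plain    | hardening_defaults
```

A feature reported as `off` here has to be supplied by the build's own flags; one reported as on comes from how the compiler itself was configured or patched.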
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
I think this tweaked version covers the gist: If you control compiling the compiler, make the defaults the secure ones. That said, many people aren't recompiling their compilers, so we need to give them guidance for their cases. If they include lots of options in their builds, the code is likely to work with those options elsewhere too :-).
We should talk about doing more here in future, but the guidance here is solid and there's no reason not to just add more stuff later.
Thanks!
Ok. I'll merge this now, we can add more later. Thank you everyone!
No description provided.