CompilerFlags
⇤ ← Revision 1 as of 2008-05-02 21:18:34
1755
Comment: initial pass
|
2479
tweaks
|
Deletions are marked like this. | Additions are marked like this. |
Line 5: | Line 5: |
First enabled in Ubuntu 6.10. See GccSsp for further details. |
First enabled in Ubuntu 6.10. See GccSsp for further details. Most problems are related to packages that do not use stdlib directly (kernel modules, certain libraries, etc). |
Line 8: | Line 7: |
Failure example: {{{ | Failure example: {{{ |
Line 12: | Line 12: |
Disabled with {{{-fno-stack-protector}}} or {{{-nostdlib}}}. | Disabled with {{{-fno-stack-protector}}} or {{{-nostdlib}}} in {{{CPPFLAGS}}}. |
Line 16: | Line 16: |
First enabled in Ubuntu 8.10. See [:Security/FortifySource:] for more details. | First enabled in Ubuntu 8.10. See [:Security/FortifySource:] for further details. Most problems are related to common unsafe uses of certain libc functions. |
Line 22: | Line 22: |
The return value from {{{system()}}} functions should be evaluated and handled appropriately. | |
Line 26: | Line 27: |
When using {{{open()}}} with {{{O_CREAT}}}, best-practice is to define a valid {{{mode}}} argument. | |
Line 30: | Line 32: |
The call to {{{read()}}} was done into a buffer with the wrong size. Double-check the size argument and the buffer size. | |
Line 31: | Line 34: |
Reduced checking via {{{-D_FORTIFY_SOURCE=1}}}. Disabled with {{{-U_FORTIFY_SOURCE}}} or {{{-D_FORTIFY_SOURCE=0}}}. | Reduced checking via {{{-D_FORTIFY_SOURCE=1}}} in {{{CPPFLAGS}}}. Disabled with {{{-U_FORTIFY_SOURCE}}} or {{{-D_FORTIFY_SOURCE=0}}} in {{{CPPFLAGS}}}. |
Line 35: | Line 38: |
First enabled in Ubuntu 8.10. These options should only cause FTBFS if the package is compiling with {{{-Werror}}}. | First enabled in Ubuntu 8.10. These options should only cause build failures if the package is compiling with {{{-Werror}}}. |
Line 42: | Line 45: |
This is caused by code that fails to use {{{"%s"}}} for a {{{*printf}}} function. For example: {{{ printf(buf); |
This is caused by code that forgot to use {{{"%s"}}} for a {{{*printf}}} function. For example: {{{ fprintf(stderr,buf); |
Line 45: | Line 49: |
should be: {{{ printf("%s",buf); |
should be: {{{ fprintf(stderr,"%s",buf); |
Line 49: | Line 54: |
Disabled with {{{-Wno-format-security}}} or {{{-Wformat=0}}}. | Disabled with {{{-Wno-format-security}}} or {{{-Wformat=0}}} in {{{CPPFLAGS}}}. |
Line 53: | Line 58: |
First enabled in Ubuntu 8.10. | First enabled in Ubuntu 8.10. This option paves the way for using {{{-z now}}} to further harden long-running programs like daemons. |
This page documents the Ubuntu-specific default compiler flags in the toolchain. Based on the work from GccSsp, [:Security/HardeningWrapper:], and DistCompiler. Please attempt to fix a source package's problems before disabling a given compiler feature.
-fstack-protector
First enabled in Ubuntu 6.10. See GccSsp for further details. Most problems are related to packages that do not use stdlib directly (kernel modules, certain libraries, etc).
Failure example:
'__stack_chk_fail' symbol not found
Disabled with -fno-stack-protector or -nostdlib in CPPFLAGS.
-D_FORTIFY_SOURCE=2
First enabled in Ubuntu 8.10. See [:Security/FortifySource:] for further details. Most problems are related to common unsafe uses of certain libc functions.
Failure examples:
error: ignoring return value of 'int system(const char*)', declared with attribute warn_unused_result
The return value from system() functions should be evaluated and handled appropriately.
error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
When using open() with O_CREAT, best-practice is to define a valid mode argument.
warning: call to ‘__read_chk_warn’ declared with attribute warning: read called with bigger length than size of the destination buffer
The call to read() was done into a buffer with the wrong size. Double-check the size argument and the buffer size.
Reduced checking via -D_FORTIFY_SOURCE=1 in CPPFLAGS. Disabled with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0 in CPPFLAGS.
-Wformat -Wformat-security
First enabled in Ubuntu 8.10. These options should only cause build failures if the package is compiling with -Werror.
Failure examples:
warning: format not a string literal and no format arguments
This is caused by code that forgot to use "%s" for a *printf function. For example:
fprintf(stderr,buf);
should be:
fprintf(stderr,"%s",buf);
Disabled with -Wno-format-security or -Wformat=0 in CPPFLAGS.
-Wl,-z,relro
First enabled in Ubuntu 8.10. This option paves the way for using -z now to further harden long-running programs like daemons.
No known failure examples.
Disabled with -Wl,-z,norelro in LDFLAGS.
ToolChain/CompilerFlags (last edited 2024-03-22 22:52:13 by eslerm)