CompilerFlags

Revision 1 as of 2008-05-02 21:18:34


This page documents the Ubuntu-specific default compiler flags in the toolchain. It is based on the work from GccSsp, Security/HardeningWrapper, and DistCompiler. Please attempt to fix a source package's problems before disabling a given compiler feature.

-fstack-protector

First enabled in Ubuntu 6.10. See GccSsp for further details.

Failure example:

'__stack_chk_fail' symbol not found

Disabled with -fno-stack-protector or -nostdlib.

-D_FORTIFY_SOURCE=2

First enabled in Ubuntu 8.10. See Security/FortifySource for more details.

Failure examples:

  • error: ignoring return value of 'int system(const char*)', declared with attribute warn_unused_result
  • error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
  • warning: call to ‘__read_chk_warn’ declared with attribute warning: read called with bigger length than size of the destination buffer

Reduced checking via -D_FORTIFY_SOURCE=1. Disabled with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0.
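The three failure messages above, shown as corrected code. This is an added example, not code from the Ubuntu toolchain or this wiki; the function names and the demo input are hypothetical, and the rejected forms appear only in comments.

```c
/* Added example: fixed forms of the three -D_FORTIFY_SOURCE=2 diagnostics.
 * Build with optimization, which _FORTIFY_SOURCE requires:
 *   gcc -O2 -D_FORTIFY_SOURCE=2 demo.c
 * Function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* __open_missing_mode: with O_CREAT and no third argument, the new file's
 * mode is read from an argument that was never passed.
 * Rejected: open(path, O_WRONLY | O_CREAT); */
int create_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* __read_chk_warn: the length must not exceed the destination object.
 * Warned: char buf[16]; read(fd, buf, 64); */
ssize_t read_header(int fd, char *out, size_t outlen)
{
    char buf[16];
    ssize_t n = read(fd, buf, sizeof(buf));   /* bounded by the buffer itself */
    if (n < 0)
        return -1;
    if ((size_t)n > outlen)                   /* never copy more than the caller holds */
        n = (ssize_t)outlen;
    memcpy(out, buf, (size_t)n);
    return n;
}

/* warn_unused_result: a bare "system(cmd);" silently discards failures. */
int run_command(const char *cmd)
{
    int status = system(cmd);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int fds[2];
    char out[8];
    if (pipe(fds) != 0 || write(fds[1], "0123456789abcdefXYZ", 19) != 19)
        return 1;                             /* constructed demo input */
    printf("read %zd bytes, exit status %d\n",
           read_header(fds[0], out, sizeof(out)), run_command("exit 3"));
    return 0;
}
```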

-Wformat -Wformat-security

First enabled in Ubuntu 8.10. These options should only cause a package to fail to build from source (FTBFS) if it is compiled with -Werror.

Failure examples:

  • warning: format not a string literal and no format arguments

This is caused by code that passes a non-literal string as the format argument of a *printf function instead of using "%s". For example:

printf(buf);

should be:

printf("%s",buf);

Disabled with -Wno-format-security or -Wformat=0.

-Wl,-z,relro

First enabled in Ubuntu 8.10.

No known failure examples.

Disabled with -Wl,-z,norelro in LDFLAGS.