This page documents the Ubuntu-specific default compiler flags in the toolchain. Based on the work from GccSsp, [:Security/HardeningWrapper], and DistCompilerFlags. Please attempt to fix a source package's problems before disabling a given compiler feature, and document the package and bug numbers in the Problems section below.
First enabled in Ubuntu 6.10. See GccSsp for further details. Most problems are related to packages that do not use stdlib directly (kernel modules, certain libraries, etc).
'__stack_chk_fail' symbol not found
- Indicates a program was compiled to expect to have the stdlib available, but did not.
*** stack smashing detected *** Aborted
- A function did not correctly maintain its stack variables. Usually indicates a stack buffer overflow.
Disabled with -fno-stack-protector or -nostdlib in CPPFLAGS.
First enabled in Ubuntu 8.10. Most problems are related to common unsafe uses of certain libc functions.
error: ignoring return value of 'int system(const char*)', declared with attribute warn_unused_result
The return value from system() functions should be evaluated and handled appropriately, or discarded with a (void) cast if the result can actually be safely ignored.
error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
When using open() with O_CREAT, best-practice is to define a valid mode argument.
warning: call to ‘__read_chk_warn’ declared with attribute warning: read called with bigger length than size of the destination buffer
The call to read() was done into a buffer with the wrong size. Double-check the size argument and the buffer size.
warning: passing argument 1 of 'memcpy' discards qualifiers from pointer target type warning: passing argument 1 of 'strcpy' discards qualifiers from pointer target type
Code compiled with -Werror and using memcpy/strcpy/etc with qualifier overrides will fail. This is a bug in glibc 2.7. See [https://launchpad.net/bugs/217481].
*** %n in writable segment detected *** Aborted
Use of "%n" in a format string is limited to read-only memory (not stack or heap allocated strings).
*** buffer overflow detected *** Aborted
A call to sprintf should be changed to use snprintf, or a too-small buffer was read into (see read() warnings above).
Reduced checking via -D_FORTIFY_SOURCE=1 in CPPFLAGS. Disabled with -U_FORTIFY_SOURCE or -D_FORTIFY_SOURCE=0 in CPPFLAGS.
First enabled in Ubuntu 8.10. These options should only cause build failures if the package is compiling with -Werror.
warning: format ‘%s’ expects type ‘char *’, but argument 3 has type ‘int’
For packages that aren't already building with -Wall, format character to argument types will be checked. Verify the correct variables for a given format string.
warning: format not a string literal and no format arguments
This is caused by code that forgot to use "%s" for a *printf function. For example:
Disabled with -Wno-format-security or -Wformat=0 in CPPFLAGS.
First enabled in Ubuntu 8.10. This option paves the way for using -z now to further harden long-running programs like daemons.
No known failure examples.
Disabled with -Wl,-z,norelro in LDFLAGS.
Please open FTBFS bugs and tag them with "hardening-ftbfs". If a compiler option bust be disabled instead of finding a correct fix, document the packages, work-around, and reasons here: