On Thu, Sep 15, 2011 at 5:23 PM, Marc Espie <[email protected]> wrote:
> On Thu, Sep 15, 2011 at 03:17:36PM -0400, Jeffrey Walton wrote:
>> I'm interested in seeing if (1) patches have been applied to fix my
>> template error problem
>> (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21656); and (2) the
>> compiler/linker is using hardened settings (I know 4.2.1 is not
>> hardened out of the box).
>
> lol.
>
> 4.2.1 *in OpenBSD* is "hardened" more, and has been tested as a hardened
> compiler for more time than gcc 4.2.4.

I believe -z relro -z now are fairly standard for GOT and PLT attack
remediations. I know some flavors of Linux include them in the spec
file for a gcc:

$ uname -a
OpenBSD germain.home.pvt 4.9 GENERIC#671 i386
$ /usr/local/bin/egcc -dumpspecs | grep -i relro
$ /usr/local/bin/egcc -dumpspecs | grep -i wall
$ /usr/local/bin/egcc -dumpspecs | grep -i wextra
$ /usr/local/bin/egcc -dumpspecs | grep -i format
$ /usr/local/bin/egcc -dumpspecs | grep -i security
$

Also, I was not sure about -Wformat=2 -Wformat-security. I guess it
depends on what procedures are in place to enforce policy (or in
OpenBSD's case, its position on security).

> (unless you want to get f*d harder by the GPLv3, that is)

I sometimes wonder about the whole free software, free beer thing.
It's kind of like trying to figure out how US politicians claim to
balance a budget, yet the US is trillions in debt.

Jeff
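Added example, not part of the original message: grepping the spec file shows only the compiler driver's defaults, so a complementary check is to look at a linked binary for the effect of -z relro and -z now. The function names and the sample readelf output below are constructed for illustration; the wrapper assumes GNU binutils readelf is installed.

```shell
#!/bin/sh
# classify_relro: reads the text of `readelf -lW -dW <binary>` on stdin
# and prints none, partial or full.
#   -z relro -> a GNU_RELRO program header (GOT made read-only after relocation)
#   -z now   -> BIND_NOW in the dynamic section (no lazy PLT binding)
# RELRO without BIND_NOW is "partial": .got.plt stays writable.
# BIND_NOW without a GNU_RELRO segment is reported as "none".
classify_relro() {
    awk '
        $1 == "GNU_RELRO"                    { relro = 1 }  # PT_GNU_RELRO segment
        $2 == "(BIND_NOW)"                   { now = 1 }    # DT_BIND_NOW tag
        $2 == "(FLAGS)"   && /BIND_NOW/      { now = 1 }    # DF_BIND_NOW
        $2 == "(FLAGS_1)" && / NOW( |$)/     { now = 1 }    # DF_1_NOW
        END {
            if (relro && now) print "full"
            else if (relro)   print "partial"
            else              print "none"
        }'
}

# check_binary: run readelf on a real file and classify the result.
check_binary() { readelf -lW -dW "$1" 2>/dev/null | classify_relro; }

# Constructed readelf excerpts so the example runs without any binary.
sample_full() { cat <<'EOF'
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db0 0x0000000000003db0 0x0000000000003db0 0x000250 0x000250 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
EOF
}
sample_partial() { cat <<'EOF'
  GNU_RELRO      0x002e10 0x0000000000003e10 0x0000000000003e10 0x0001f0 0x0001f0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}
sample_none() { cat <<'EOF'
  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000748 0x000748 R E 0x200000
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

for s in sample_full sample_partial sample_none; do
    printf '%s: %s\n' "$s" "$($s | classify_relro)"
done
```

For a real file, call check_binary with the path to the executable or shared object.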

