mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Wood (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-6229) Default to using hardened compilation flags
Date Fri, 07 Oct 2016 19:41:20 GMT

     [ https://issues.apache.org/jira/browse/MESOS-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aaron Wood updated MESOS-6229:
------------------------------
    Description: 
Provide a default set of hardened compilation flags to help protect against overflows and
other attacks. Apply to libprocess and stout as well. Current set of flags that were discussed
on slack to implement:

-Wformat­-security
-Wstack-protector
-fstack-protector-strong (-fstack-protector-all might be overkill, it could be more effective
to use this. Requires gcc >= 4.9)
-pie
-fPIE 
-fPIC
-D_FORTIFY_SOURCE=2
­-Wl,-z,relro,-z,now (currently not a part of the patch)
-fno-omit-frame-pointer

https://reviews.apache.org/r/52645/


  was:
Provide a default set of hardened compilation flags to help protect against overflows and
other attacks. Apply to libprocess and stout as well. Current set of flags that were discussed
on slack to implement:

-Wformat­-security
-Wstack-protector
-fstack-protector-strong (-fstack-protector-all might be overkill, it could be more effective
to use this. Requires gcc >= 4.9)
-pie
-fPIE 
-D_FORTIFY_SOURCE=2
­-Wl,-z,relro,-z,now (currently not a part of the patch)
-fno-omit-frame-pointer

https://reviews.apache.org/r/52645/



> Default to using hardened compilation flags
> -------------------------------------------
>
>                 Key: MESOS-6229
>                 URL: https://issues.apache.org/jira/browse/MESOS-6229
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Aaron Wood
>            Assignee: Aaron Wood
>            Priority: Minor
>              Labels: c++, clang, gcc, security
>
> Provide a default set of hardened compilation flags to help protect against overflows
and other attacks. Apply to libprocess and stout as well. Current set of flags that were discussed
on slack to implement:
> -Wformat­-security
> -Wstack-protector
> -fstack-protector-strong (-fstack-protector-all might be overkill, it could be more effective
to use this. Requires gcc >= 4.9)
> -pie
> -fPIE 
> -fPIC
> -D_FORTIFY_SOURCE=2
> ­-Wl,-z,relro,-z,now (currently not a part of the patch)
> -fno-omit-frame-pointer
> https://reviews.apache.org/r/52645/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message