https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112897
Eric Gallager <egallager at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |egallager at gcc dot gnu.org,
| |mpolacek at gcc dot gnu.org
--- Comment #3 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to Agostino Sarubbo from comment #2)
> I don't know if I was able to provide the concept, but in other words if we
> know that something like -fstack-clash-protection is widely used nowadays,
> it make no sense rebase patches for 10 years and then in the 2033 make the
> proper configure option :)
>
> > What's the flag you want to enable this time?
>
> I'm not a gcc downstream maintainer so I can speak for what I can see as
> external people, so you might want to involve downstream maintainers.
> From what I can see I'd say that a starting point is:
>
> -D_FORTIFY_SOURCE=2
> -D_FORTIFY_SOURCE=3
> -fstack-clash-protection
> -fcf-protection
> -z,relro / -z now
> _GLIBCXX_ASSERTIONS
> -Wformat
> -Wformat-security
This sounds like basically the same set of options enabled by the new
-fhardened flag coming in GCC 14?
