| | |
|---|---|
| Issue | 122687 |
| Summary | [Clang] Add support for -fhardened |
| Labels | clang:driver |
| Assignees | |
| Reporter | nikic |

GCC supports an `-fhardened` flag that enables a number of hardening options with one flag. Quoting from https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html:
> Enable a set of flags for C and C++ that improve the security of the generated code without affecting its ABI. The precise flags enabled may change between major releases of GCC, but are currently:
>
> -D_FORTIFY_SOURCE=3
> -D_GLIBCXX_ASSERTIONS
> -ftrivial-auto-var-init=zero
> -fPIE -pie -Wl,-z,relro,-z,now
> -fstack-protector-strong
> -fstack-clash-protection
> -fcf-protection=full (x86 GNU/Linux only)
>
> The list of options enabled by -fhardened can be generated using the --help=hardened option.
>
> When the system glibc is older than 2.35, -D_FORTIFY_SOURCE=2 is used instead.
>
> This option is intended to be used in production builds, not merely in debug builds.
>
> Currently, -fhardened is only supported on GNU/Linux targets.
>
> -fhardened only enables a particular option if it wasn’t already specified anywhere on the command line. For instance, -fhardened -fstack-protector will only enable -fstack-protector, but not -fstack-protector-strong.

It would be nice if Clang also accepted the flag.
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
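
The flag list and the "only if it wasn't already specified" rule quoted in the issue, as an added example that is not code from the issue, GCC or LLVM: a hypothetical `expand_fhardened` helper that rewrites a command line for a compiler driver that does not accept `-fhardened`. Which user options count as "already specified" for each flag, and the `glibc` and `x86` parameters, are assumptions made for this example rather than GCC's actual logic.

```python
"""Expand -fhardened into the flags the GCC documentation lists for it.

Added example, not GCC or Clang code. The prefixes that count as "already
specified" for each flag are assumptions made for illustration.
"""
import sys

# (flags to add, option prefixes that suppress them, x86 GNU/Linux only?)
HARDENED = [
    (["-D_FORTIFY_SOURCE={n}"],
     ("-D_FORTIFY_SOURCE", "-U_FORTIFY_SOURCE"), False),
    (["-D_GLIBCXX_ASSERTIONS"],
     ("-D_GLIBCXX_ASSERTIONS", "-U_GLIBCXX_ASSERTIONS"), False),
    (["-ftrivial-auto-var-init=zero"], ("-ftrivial-auto-var-init",), False),
    (["-fPIE", "-pie"],
     ("-fPIE", "-fpie", "-fPIC", "-fpic", "-fno-pi", "-fno-PI",
      "-pie", "-no-pie", "-static", "-shared"), False),
    (["-Wl,-z,relro,-z,now"],
     ("-Wl,-z,relro", "-Wl,-z,norelro", "-Wl,-z,now", "-Wl,-z,lazy"), False),
    (["-fstack-protector-strong"],
     ("-fstack-protector", "-fno-stack-protector"), False),
    (["-fstack-clash-protection"],
     ("-fstack-clash-protection", "-fno-stack-clash-protection"), False),
    (["-fcf-protection=full"], ("-fcf-protection",), True),
]


def expand_fhardened(argv, glibc=(2, 35), x86=True):
    """Return argv with -fhardened replaced by the hardening flags it implies."""
    if "-fhardened" not in argv:
        return list(argv)
    rest = [a for a in argv if a != "-fhardened"]
    # Quoted rule: glibc older than 2.35 gets _FORTIFY_SOURCE=2 instead of 3.
    level = 3 if tuple(glibc) >= (2, 35) else 2
    added = []
    for flags, markers, x86_only in HARDENED:
        if x86_only and not x86:
            continue
        # Quoted rule: an option the user already chose is left alone.
        if any(a.startswith(markers) for a in rest):
            continue
        added += [f.format(n=level) for f in flags]
    # Implied flags go first so explicit user options stay last on the line.
    return added + rest


if __name__ == "__main__":
    # e.g. python3 expand.py -fhardened -fstack-protector -O2 a.c
    print(" ".join(expand_fhardened(sys.argv[1:])))
```
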