Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gcc-14 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2080267
Title:
Ple
Neal Goompa and I spoke about this concern during the Ubuntu Summit. He would
like to see tunables added to fhardened. The thought is, with tunables folks
are less likely to fully disable fhardened if they run into a failed build.
We spoke about using redundant flags in distros, e.g., so that we c
why would we want to do that? The only case to use that option is the
setting of of hardening=all in the build options. It would do the wrong
thing for e.g. hardening=all,-something.
This option seems to be useful for upstreams, just enabling everything,
but not well suited for the fine-grained
** Tags added: release-oo-incoming
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2080267
Title:
Please add -fhardened to default build flags
To manage notifications about this bug go to:
https://bu
Thanks! Updated description.
** Description changed:
> Currently, -fhardened enables:
>
> -D_FORTIFY_SOURCE=3 (or =2 for older glibcs)
> -D_GLIBCXX_ASSERTIONS
- > -ftrivial-auto-var-init=pattern
+ > -ftrivial-auto-var-init=zero
> -fPIE -pie -Wl,-z,relro,-z,now
> -fstack-
This looks great! Also, it seems that auto-var-init was (thankfully) adjusted
to "=zero" at some point recently:
https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fhardened
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to U
** Description changed:
> Currently, -fhardened enables:
>
> -D_FORTIFY_SOURCE=3 (or =2 for older glibcs)
> -D_GLIBCXX_ASSERTIONS
> -ftrivial-auto-var-init=pattern
> -fPIE -pie -Wl,-z,relro,-z,now
> -fstack-protector-strong
> -fstack-clash-protection
> -fcf-protec
