more compiler safety flags

Damien Miller djm at
Fri Dec 21 15:42:45 EST 2012

On Fri, 21 Dec 2012, Darren Tucker wrote:

> Anyone see any reason not to add these extra compiler/linker flags if
> they're supported?

I think the risk is that some of these features need crt0/ assistance
to work that might be absent, causing the programs to link but fail to
execute. Is this a problem in practice? I have no idea :) I'm not opposed
to you committing this diff while we are still in development mode to help
find out though.


Isn't fPIE more usual?

> +	OSSH_CHECK_LDFLAG_LINK([-Wa,--noexecstack])
> +	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
> +	OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])

More information about the openssh-unix-dev mailing list