additional compiler hardening flags

Damien Miller djm at mindrot.org
Fri Jan 17 09:39:58 EST 2014


On Fri, 17 Jan 2014, Darren Tucker wrote:

> On Fri, Dec 20, 2013 at 11:01:12AM -0800, Iain Morgan wrote:
> > I don't recall seeing these improvements to the build system being
> > committed. Is there any chance of adding them for the next release, or
> > is it too late in the development cycle?
> 
> Sorry, this was on my list to get back to and I didn't.
> 
> Here's the current diff.  Given that there's an off switch I think I
> should just commit it.  Damien?

ok djm

there's also a -fstack-protector-strong that we should support, probably
in preference to -fstack-protector-all


More information about the openssh-unix-dev mailing list