more compiler safety flags
Damien Miller
djm at mindrot.org
Fri Dec 21 15:42:45 EST 2012
On Fri, 21 Dec 2012, Darren Tucker wrote:
> Anyone see any reason not to add these extra compiler/linker flags if
> they're supported?
I think the risk is that some of these features need crt0/ld.so assistance
to work that might be absent, causing the programs to link but fail to
execute. Is this a problem in practice? I have no idea :) I'm not opposed
to you committing this diff while we are still in development mode to help
find out though.
> + OSSH_CHECK_CFLAG_COMPILE([-fPIC])
Isn't fPIE more usual?
> + OSSH_CHECK_LDFLAG_LINK([-pie])
> + OSSH_CHECK_LDFLAG_LINK([-Wa,--noexecstack])
> + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro])
> + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now])
More information about the openssh-unix-dev
mailing list