• Registered: 2008-10-03
  • Posts: 3

Topic: Compilation flags

There are several patches for gcc-4.2.x in attachment.
These patches based on patches from HLFS project, but I've done some differences smile

I did not find any documentation about used flags except -fstack-protector{,-all}. Therefore I propose to use also -fPIC in compilation. Sure, it would be better to differ -fPIC and -fPIE, since the last are more suitable for executables. It allow more optimization in -O3, but -O3 I think is very aggressive for hardened distro it may cause some memory leaks with -O3 and SSP. Therefore I think that it'll be better to use "-O2 -fPIC -fstack-protector-all" combination wink

We can use -z now ldflag for preloading(explicit run-time linking). It't faster wink
If we'll use -fPIC for all, we must use -z pic for linking also. And -z noexecstack -- it's powerful thing wink Finally, so we can prevent code execution in stack.

Dmitry.

  • Registered: 2008-04-13
  • Posts: 83

Re: Compilation flags

Hi,

I used until now the following flags:

CFLAGS="-Wa,--noexecstack -fstack-protector-all -O2 -fPIC"

I was also thinking at adding libasafe to protect the stack.

Thanks for the patches,
Yuriy

  • Registered: 2008-04-13
  • Posts: 83

Re: Compilation flags

Hi I'm currently working on the new version - if you could make the patch work on gcc 4.3 it would be grate.