On Tue, 18 Dec 2012, Jeffrey Walton wrote:
If you are going to try the waters with warnings, you should also
consider the flags to integrate with platform security.
Platform security integration includes fortified sources and stack
protectors. Here are the flags of interest:
* -fstack-protector-all
* -z,noexecstack
* -z,noexecheap (or other measure, such as W^X)
* -z,relro
* -z,now
* -fPIE and -pie for executables
FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
I understand your concern and the reasoning, but these sort of options
are highly platform/target/distribution specific. It is easy to
create packages which fail to build on many systems. Later, the baked
in settings of somewhat dated distribution tarballs may not meet
current standards.
Surely it is better to leave this to OS distribution maintainers who
establish common rules for OS packages and ensure that options are
applied in a uniform and consistent manner.
Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
_______________________________________________
Autoconf mailing list
Autoconf@gnu.org
https://lists.gnu.org/mailman/listinfo/autoconf