[ 
https://issues.apache.org/jira/browse/MESOS-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15514731#comment-15514731
 ] 

Aaron Wood commented on MESOS-6229:
-----------------------------------

I think -fstack-protector-all might be way too much. I'm going to benchmark the 
difference between -fstack-protector and -fstack-protector-strong

> Default to using hardened compilation flags
> -------------------------------------------
>
>                 Key: MESOS-6229
>                 URL: https://issues.apache.org/jira/browse/MESOS-6229
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Aaron Wood
>            Assignee: Aaron Wood
>            Priority: Minor
>              Labels: c++, clang, gcc, security
>
> Provide a default set of hardened compilation flags to help protect against 
> overflows and other attacks. Apply to libprocess and stout as well. Current 
> set of flags that were discussed on slack to implement:
> -Wformat­-security
> -Wstack-protector
> -fstack-protector-all
> -pie
> -fPIE 
> -D_FORTIFY_SOURCE=2
> -O2 (possibly -O3 for greater optimizations, up for discussion)
> ­-Wl,-z,relro,-z,now
> -fno-omit-frame-pointer
> -fstack-protector-strong (-fstack-protector-all might be overkill, it could 
> be more effective to use this. Requires gcc >= 4.9)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to