[
https://issues.apache.org/jira/browse/MESOS-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472650#comment-16472650
]
Benjamin Mahler commented on MESOS-6229:
----------------------------------------
Was hoping to introduce {{-fno-omit-frame-pointer}} and came across this
ticket. Looks like that particular flag wasn't introduced? Any reason?
> Default to using hardened compilation flags
> -------------------------------------------
>
> Key: MESOS-6229
> URL: https://issues.apache.org/jira/browse/MESOS-6229
> Project: Mesos
> Issue Type: Improvement
> Reporter: Aaron Wood
> Assignee: Aaron Wood
> Priority: Minor
> Labels: c++, clang, gcc, security
> Fix For: 1.2.0
>
>
> Provide a default set of hardened compilation flags to help protect against
> overflows and other attacks. Apply to libprocess and stout as well. Current
> set of flags that were discussed on slack to implement:
> -Wformat-security
> -Wstack-protector
> -fstack-protector-strong (-fstack-protector-all might be overkill, it could
> be more effective to use this. Requires gcc >= 4.9 which should be
> reasonable. Detect compiler support and use what we can but prefer
> -fstack-protector-strong)
> -pie
> -fPIE
> -fPIC
> -D_FORTIFY_SOURCE=2
> -Wl,-z,relro,-z,now (currently not a part of the patch, this should be
> another JIRA)
> -fno-omit-frame-pointer
> https://reviews.apache.org/r/52645/
> https://reviews.apache.org/r/52695/
> https://reviews.apache.org/r/52696/
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
