[ https://issues.apache.org/jira/browse/MESOS-6229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16472650#comment-16472650 ]
Benjamin Mahler commented on MESOS-6229: ---------------------------------------- Was hoping to introduce {{-fno-omit-frame-pointer}} and came across this ticket. Looks like that particular flag wasn't introduced? Any reason? > Default to using hardened compilation flags > ------------------------------------------- > > Key: MESOS-6229 > URL: https://issues.apache.org/jira/browse/MESOS-6229 > Project: Mesos > Issue Type: Improvement > Reporter: Aaron Wood > Assignee: Aaron Wood > Priority: Minor > Labels: c++, clang, gcc, security > Fix For: 1.2.0 > > > Provide a default set of hardened compilation flags to help protect against > overflows and other attacks. Apply to libprocess and stout as well. Current > set of flags that were discussed on slack to implement: > -Wformat-security > -Wstack-protector > -fstack-protector-strong (-fstack-protector-all might be overkill, it could > be more effective to use this. Requires gcc >= 4.9 which should be > reasonable. Detect compiler support and use what we can but prefer > -fstack-protector-strong) > -pie > -fPIE > -fPIC > -D_FORTIFY_SOURCE=2 > -Wl,-z,relro,-z,now (currently not a part of the patch, this should be > another JIRA) > -fno-omit-frame-pointer > https://reviews.apache.org/r/52645/ > https://reviews.apache.org/r/52695/ > https://reviews.apache.org/r/52696/ -- This message was sent by Atlassian JIRA (v7.6.3#76005)