On 2022-11-3 06:56, Clemens Lang wrote:
> Speaking of this CVE… we don't actually build with the common set of
> security flags in MacPorts, do we? We should probably look into getting
> the common set -fstack-protector-strong -fstack-clash-protection -fPIE
> (probably not required on modern macOS?) -D_FORTIFY_SOURCE=3
> -fcf-protection=full (on x86_64) and maybe -Wl,-bind_at_load
> -Wl,-read_only_stubs.
>
> Does anybody have a good overview of what the recommended set of
> security compiler flags is on macOS? Quick testing suggests everything
> but -fstack-protector-strong and -D_FORTIFY_SOURCE is already on by
> default.

_FORTIFY_SOURCE is also on by default since 10.6.
<https://github.com/apple-oss-distributions/Libc/blob/7380dc7cf0fc04550c72f34d38088b4db8668f40/include/_types.h#L60-L66>
Though that's set to 2 not 3, it looks like setting it to anything
higher than 2 does nothing extra in libc at least.

Apple has generally been pretty good about enabling these hardening
measures. The difficult work would be figuring out on which OS and Xcode
versions these options can be used and are not already enabled.

- Josh
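
One way to answer the "which versions accept these options, and where are they already on" question per toolchain, as an added example that is not part of the thread or of MacPorts. The function names are hypothetical, and `__SSP_STRONG__` and `__CET__` are the GCC/Clang predefines assumed to indicate that the matching flag is active by default.

```shell
#!/bin/sh
# Added example. CC must be a GCC- or Clang-compatible driver (assumption).
: "${CC:=cc}"

# flag_accepted FLAG: succeeds if $CC compiles and links a trivial program
# with FLAG. -Werror makes Clang's "unused/unknown argument" warnings fatal.
flag_accepted() {
    tmp=$(mktemp -d) || return 2
    printf 'int main(void){return 0;}\n' > "$tmp/t.c"
    "$CC" -Werror "$1" -O2 -o "$tmp/t" "$tmp/t.c" \
        >/dev/null 2>&1 </dev/null && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# macro_default_on MACRO: succeeds if $CC predefines MACRO with no extra flags.
macro_default_on() {
    "$CC" -dM -E -x c /dev/null 2>/dev/null | grep -q "^#define $1 "
}

# probe_flags: one line per flag, "FLAG accepted|rejected default-on|default-off|unknown".
# "unknown" means the flag has no compiler predefine to look for; per the
# thread, the _FORTIFY_SOURCE default on macOS comes from a libc header instead.
probe_flags() {
    while read -r flag macro; do
        if flag_accepted "$flag"; then acc=accepted; else acc=rejected; fi
        if [ "$macro" = - ]; then def=unknown
        elif macro_default_on "$macro"; then def=default-on
        else def=default-off
        fi
        printf '%s %s %s\n' "$flag" "$acc" "$def"
    done <<'EOF'
-fstack-protector-strong __SSP_STRONG__
-fstack-clash-protection -
-fPIE -
-D_FORTIFY_SOURCE=3 -
-fcf-protection=full __CET__
-Wl,-bind_at_load -
-Wl,-read_only_stubs -
EOF
}

probe_flags
```

Run it once per OS and Xcode combination with `CC` pointing at that toolchain's compiler and compare the resulting tables.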