Dear Dimitri,

Thanks a lot for the reminder of the toolchain-related and package-related 
rules; that would be very helpful for making our decisions.

Regards,
Shaoting

-----Original Message-----
From: dimitri.led...@surgut.co.uk [mailto:dimitri.led...@surgut.co.uk] On 
Behalf Of Dimitri John Ledkov
Sent: Monday, June 18, 2018 8:50 PM
To: Shao, Ting <ting.s...@intel.com>
Cc: ubuntu-devel-discuss@lists.ubuntu.com
Subject: Re: An question about default opened option "-fstack-protector-strong"

On 14 June 2018 at 08:03, Shao, Ting <ting.s...@intel.com> wrote:
> Hi,
>
> I was trying to enable the “stack smashing protection” for 
> node.js (issue 20928). I switched it on using “-fstack-protector” 
> and made a benchmark test, but the result is quite strange. Then I 
> found that on my Ubuntu 16.04, -fstack-protector-strong was enabled 
> by default. I checked it using the command:
>
> gcc -Q -v main.c
>
> and found the -fstack-protector-strong flag was listed inside the 
> “options passed” by default.
>
> So based on these, I have some questions:
>
> 1. I installed gcc from apt-get by default; is Ubuntu providing a 
>    customized version of GCC?
> 2. If the answer to 1 is yes, then you may have a repo that hosts the 
>    customized GCC code. If I am right, could you please show me where I 
>    can find the proof of that customization?
>
> That would be much appreciated. :) Or if you can’t find the right code, 
> can you show me where I can find the repo? Then I can traverse the 
> code and history to find the proof myself.
>

Some of our default toolchain flags are documented at:
https://wiki.ubuntu.com/ToolChain/CompilerFlags

Security-related distribution features (which include many toolchain
customizations) are documented at:
https://wiki.ubuntu.com/Security/Features

The userspace hardening section does mention "Note: Ubuntu's compiler hardening 
applies not only to its official builds but also anything built on Ubuntu using 
its compiler." This ensures that self-compiled / 3rd-party code has on-par 
security when redistributed, or when targeting the Ubuntu platform. The Ubuntu 
toolchain is an integral part of the Ubuntu product line.

--
Regards,

Dimitri.
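
The check described in the quoted question, as an added example that is not part of the original thread or of Ubuntu's tooling: a shell function that reads `gcc -Q -v` output and reports which stack-protector option appears under "options passed". The function names, the "none-listed" result and the sample text are constructed here, and the output layout is assumed to be the "options passed:" / "options enabled:" form the question refers to.

```shell
#!/bin/sh
# Added example. Assumption: the compiler prints an "options passed:" section
# (possibly wrapped onto indented continuation lines) followed by an
# "options enabled:" section, as the question in this thread describes.

# Reads `gcc -Q -v` diagnostic text on stdin and prints the stack-protector
# option found under "options passed", or "none-listed" if there is none.
stack_protector_mode() {
    awk '
        /^options passed:/  { in_passed = 1; sub(/^options passed:/, "") }
        /^options enabled:/ { in_passed = 0 }
        in_passed {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^-f(no-)?stack-protector(-all|-strong|-explicit)?$/)
                    last = $i   # keep the last one: later -f options override earlier ones
        }
        END { print (last == "" ? "none-listed" : last) }
    '
}

# Constructed sample in the assumed layout (not captured from a real system).
sample_output() {
    cat <<'EOF'
GNU C11 (constructed sample) version X.Y.Z (x86_64-linux-gnu)
options passed:  -v -imultiarch x86_64-linux-gnu main.c -mtune=generic
 -march=x86-64 -fstack-protector-strong -Wformat -Wformat-security
options enabled:  -faggressive-loop-optimizations -fcommon
EOF
}

# Live use on a machine with gcc installed (not run here):
#   gcc -Q -v -c -o /dev/null main.c 2>&1 | stack_protector_mode
sample_output | stack_protector_mode
```

Running the live command once with no extra flags and once with the flags a project's build system passes shows whether a benchmark baseline was already built with a stack protector.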