Re: Playing around with security hardening compiler flags

From: Dimitry Andric <dim_at_FreeBSD.org>
Date: Sun, 17 Nov 2024 18:28:50 UTC
On 17 Nov 2024, at 16:30, Alexander Leidinger <Alexander@Leidinger.net> wrote:
> 
> Hi,
> 
> after reading
>    https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html
>    https://libcxx.llvm.org/Hardening.html
>    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
> I played around a bit with some of the flags there (in CFLAGS).
> 
> What doesn't work:
> - -fstrict-flex-arrays=3   (variable array issue in IIRC a tool for ath)
> - -fstrict-flex-arrays=2   (issue in another area, haven't checked further)
> 
> What works and results in a world+kernel which is able to boot:
> - -D_GLIBCXX_ASSERTIONS
> - -fstrict-flex-arrays=1
> - -fstack-clash-protection
> - -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE

FWIW the default hardening mode for libc++ is already extensive. There is also a debug mode, but that is not suitable for general use. I have not yet considered any WITH/WITHOUT options to fiddle with this, since it is an option with 4 possible values: none, fast, extensive, and debug.

_GLIBCXX_ASSERTIONS is a similar directive for libstdc++, so it won't make much difference for the base system, but it could be good for some ports. (Not sure about the overhead though.)

I am unsure about the usefulness of -fstrict-flex-arrays, I have not really played with this option. I would expect more warnings to come out?

Last but not least, -fstack-clash-protection might be useful, but I think it might need some additional runtime support? E.g. in libc?

-Dimitry
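As an added example that is not part of this thread, the following program shows what the two standard-library hardening macros discussed above (-D_GLIBCXX_ASSERTIONS for libstdc++, -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE for libc++) actually change at runtime: an out-of-bounds `vector::operator[]` becomes a deterministic trap instead of a silent out-of-bounds read. The macros are defined in-source here only so the example is self-contained; in a real build they come from CFLAGS/CXXFLAGS, and the fork/waitpid harness and function names are this example's own.

```cpp
// Added example, not code from the thread. Defining the macros before the
// first standard header is equivalent to passing them with -D on the
// command line; whichever library is in use picks up its own macro.
#define _GLIBCXX_ASSERTIONS 1
#define _LIBCPP_HARDENING_MODE _LIBCPP_HARDENING_MODE_EXTENSIVE
#include <sys/wait.h>
#include <unistd.h>
#include <cstdio>
#include <vector>

// Run fn in a forked child and report whether the child was killed by a
// signal. libstdc++ assertions abort (SIGABRT); libc++ hardening either
// aborts or traps (SIGILL/SIGTRAP) depending on version, so any fatal
// signal counts as "the check fired" without taking the parent down.
static bool dies_by_signal(void (*fn)()) {
    pid_t pid = fork();
    if (pid < 0) return false;
    if (pid == 0) {
        fn();
        _exit(0);                     // reached only if no check fired
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return false;
    return WIFSIGNALED(status);
}

static void in_bounds_access() {
    std::vector<int> v = {1, 2, 3};   // constructed sample data
    volatile int sink = v[2];         // valid index: no check fires
    (void)sink;
}

static void out_of_bounds_access() {
    std::vector<int> v = {1, 2, 3};   // constructed sample data
    volatile int sink = v[5];         // 5 >= size(): hardened operator[]
    (void)sink;                       // kills the process before the read
}

// Expected: in-bounds access survives, out-of-bounds access is trapped.
bool in_bounds_survives()    { return !dies_by_signal(in_bounds_access); }
bool out_of_bounds_trapped() { return dies_by_signal(out_of_bounds_access); }

int main() {
    std::printf("in-bounds survives:    %d\n", in_bounds_survives());
    std::printf("out-of-bounds trapped: %d\n", out_of_bounds_trapped());
    return 0;
}
```

Without either macro the same `v[5]` compiles to an unchecked read past the allocation, which is exactly the class of bug the extensive mode is meant to convert into a crash at the point of misuse.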