From Fedora Project Wiki
mNo edit summary
No edit summary
Line 50: Line 50:
== Detailed Description ==
== Detailed Description ==
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
Currently GCC does not enable any security hardening flags by default. They have to be explicitly enabled by the developers one-by-one. [[https://wiki.ubuntu.com/ToolChain/CompilerFlags||Ubuntu]] however enables them and therefore has a hardened compiler by default. Each of these options can be explicitly disabled if required by the developer via a GCC command line flag.  I am currently proposing the following flags be enabled by default.
Currently GCC does not enable any security hardening flags by default. They have to be explicitly enabled by the developers one-by-one. Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags) however enables them and therefore has a hardened compiler by default. Each of these options can be explicitly disabled if required by the developer via a GCC command line flag.  I am currently proposing the following flags be enabled by default.


'''-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2'''''
'''-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2'''''

Revision as of 08:09, 5 March 2019


Enable Compiler Security hardening flags by default in GCC

Summary

By Default enable a few security hardening flags which are used with GCC.

Owner

Current status

  • Targeted release: Fedora 31
  • Last updated: 2019-03-05

Detailed Description

Currently GCC does not enable any security hardening flags by default. They have to be explicitly enabled by the developers one-by-one. Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags) however enables them and therefore has a hardened compiler by default. Each of these options can be explicitly disabled if required by the developer via a GCC command line flag. I am currently proposing the following flags be enabled by default.

-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2

Benefit to Fedora

We provide better security both for our packages and for applications/programs which users are building.

Scope

  • Proposal owners: Patch gcc to enable these options by default. Patch should be very simple, since the compile/link code isnt actually touched.
  • Other developers: Developers need to ensure that Fedora package is built and if any build failures they are corrected
  • Release engineering:
  • Policies and guidelines: The policies and guidelines do not need to be updated.
  • Trademark approval: Not needed for this change

Upgrade/compatibility impact

None

Some packaging changes required, see:


How To Test

Run "gcc -Q --help=target" to check if these flags are enabled by default

User Experience

None

Dependencies

All packages will be rebuild with new GCC options.

Contingency Plan

  • Contingency mechanism: Roll back the GCC options and use the default ones.
  • Contingency deadline:
  • Blocks release? No

Documentation

Release Notes

  • Release Notes tracking: <will be assigned by the Wrangler>
Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/HardenedCompiler&oldid=535798"