Revision as of 05:58, 6 March 2019
Enable Compiler Security hardening flags by default in GCC
Summary
Enable by default a few security hardening flags that are used with GCC.
Owner
- Name: Huzaifa Sidhpurwala
- Email: huzaifas@redhat.com
- Release notes owner: huzaifas@redhat.com
Current status
- Targeted release: Fedora 31
- Last updated: 2019-03-06
Detailed Description
Currently GCC does not enable any security hardening flags by default. Developers have to enable them explicitly, one by one. Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags), however, enables them and therefore has a hardened compiler by default. Each of these options can be explicitly disabled by the developer, if required, via a GCC command line flag. I am currently proposing the following flags be enabled by default.
-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2
Benefit to Fedora
We provide better security both for our packages and for applications/programs which users are building.
Scope
- Proposal owners: Patch GCC to enable these options by default. The patch should be very simple, since the compile/link code isn't actually touched.
- Other developers: Developers need to ensure that their Fedora packages build, and that any build failures are corrected.
- Release engineering:
- List of deliverables: ???
- Policies and guidelines: The policies and guidelines do not need to be updated.
- Trademark approval: Not needed for this change
Upgrade/compatibility impact
None
How To Test
Run "gcc -Q --help=target" to check if these flags are enabled by default.
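A complementary check, added here as an example and not part of the proposal or of any GCC patch: it reads the compiler's predefined macros, where GCC reports the stack-protector mode as `__SSP_STRONG__` and where a default `_FORTIFY_SOURCE` shows up. The function names and the two sample dumps are constructed for illustration, and it assumes the patched default is visible in the `-dM -E` macro dump; `-Wformat` and `ssp-buffer-size` define no macro and are not covered.

```shell
#!/bin/sh
# Added example: judge a compiler's hardening defaults from its predefined
# macros. Input is the output of `gcc -O2 -dM -E -x c /dev/null`.

# ssp_level: print the stack-protector mode GCC signals via __SSP*__ macros.
ssp_level() {
    awk '$1 == "#define" && $2 == "__SSP_STRONG__" { r = "strong" }
         $1 == "#define" && $2 == "__SSP_ALL__"    { r = "all" }
         $1 == "#define" && $2 == "__SSP__"        { r = "basic" }
         END { print (r == "" ? "none" : r) }'
}

# fortify_level: print the value of _FORTIFY_SOURCE in the dump, or 0.
fortify_level() {
    awk '$1 == "#define" && $2 == "_FORTIFY_SOURCE" { v = $3 }
         END { print (v == "" ? 0 : v) }'
}

# check_defaults: succeed only if the dump shows -fstack-protector-strong
# and _FORTIFY_SOURCE at 2 or higher, the levels named in the proposal.
check_defaults() {
    dump=$(cat)
    ssp=$(printf '%s\n' "$dump" | ssp_level)
    fort=$(printf '%s\n' "$dump" | fortify_level)
    echo "stack protector: $ssp, _FORTIFY_SOURCE: $fort"
    [ "$ssp" = "strong" ] && [ "$fort" -ge 2 ]
}

# Constructed sample dumps (not captured from a real Fedora or Ubuntu GCC).
SAMPLE_HARDENED='#define __SSP_STRONG__ 3
#define _FORTIFY_SOURCE 2
#define __OPTIMIZE__ 1'
SAMPLE_STOCK='#define __OPTIMIZE__ 1
#define __GNUC__ 9'

printf '%s\n' "$SAMPLE_HARDENED" | check_defaults || echo "=> not hardened"
printf '%s\n' "$SAMPLE_STOCK"    | check_defaults || echo "=> not hardened"

# Live check against the installed compiler, if there is one.
# -O2 is used because _FORTIFY_SOURCE only takes effect with optimization.
if command -v gcc >/dev/null 2>&1; then
    gcc -O2 -dM -E -x c /dev/null | check_defaults || echo "=> not hardened"
fi
```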
User Experience
Fedora is more secure because the entire distribution is compiled with the correct security technologies enabled. Developers don't have to worry about enabling the right flags when they compile their application in Fedora because the compiler has them enabled by default.
Dependencies
All packages will be rebuilt with the new GCC options.
Contingency Plan
- Contingency mechanism: Roll back the GCC options and use the default ones.
- Contingency deadline:
- Blocks release? No
Documentation
Release Notes
- Release Notes tracking: <will be assigned by the Wrangler>