Revision as of 08:01, 5 March 2019 by Huzaifas (talk | contribs)


Enable Compiler Security hardening flags by default in GCC

Summary

Enable a small set of security hardening flags by default in GCC, so that every compilation gets them without developers having to pass them explicitly.

Owner

Current status

  • Targeted release: Fedora 31
  • Last updated: 2019-03-05

Detailed Description

Currently GCC does not enable any security hardening flags by default; developers have to enable them explicitly, one by one. Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags), however, enables them and therefore ships a hardened compiler by default. Each of these options can still be explicitly disabled by the developer via a GCC command line flag if required. I am currently proposing that the following flags be enabled by default:

-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2

Benefit to Fedora

We provide better security both for our packages and for applications/programs which users are building.

Scope

  • Proposal owners: Patch gcc to enable these options by default. The patch should be very simple, since the compile/link code isn't actually touched.
  • Other developers: Developers need to ensure that their Fedora packages still build with the new defaults and that any build failures are corrected.
  • Release engineering:
  • Policies and guidelines: The policies and guidelines do not need to be updated.
  • Trademark approval: Not needed for this change

Upgrade/compatibility impact

None

Some packaging changes required, see:


How To Test

Run "gcc -Q --help=target" to check if these flags are enabled by default
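As an added worked check (not part of the original proposal), the script below parses the [enabled]/[disabled] lines that "gcc -Q --help=<class>" prints and reports which of the proposed flags are on by default. It assumes the GCC 10+ help line format and that the flags live in the classes noted in the comments; -D_FORTIFY_SOURCE=2 is a preprocessor define rather than a compiler option, so it is checked through the predefined macro list instead.

```sh
#!/bin/sh
# Added example (not part of the Fedora proposal): parse the "[enabled]/[disabled]"
# lines that "gcc -Q --help=<class>" prints and report which of the proposed
# hardening flags are on by default. Assumes the GCC 10+ line format
# "  -flag    [enabled]" and "  --param=name=    value".

# Print "enabled", "disabled", a param value, or "missing" for one flag.
flag_state() {   # $1 = help text, $2 = flag name exactly as gcc prints it
    printf '%s\n' "$1" | awk -v flag="$2" '
        $1 == flag { sub(/^\[/, "", $2); sub(/\]$/, "", $2); print $2; found = 1; exit }
        END        { if (!found) print "missing" }'
}

# Check every flag from the proposal; return 1 if any is off or missing.
audit_hardening() {   # $1 = help text
    help="$1"; rc=0
    for f in -Wformat -Wformat-security -fstack-protector-strong; do
        s=$(flag_state "$help" "$f")
        printf '%-28s %s\n' "$f" "$s"
        [ "$s" = enabled ] || rc=1
    done
    s=$(flag_state "$help" --param=ssp-buffer-size=)
    printf '%-28s %s\n' --param=ssp-buffer-size= "$s"
    [ "$s" = 4 ] || rc=1
    return $rc
}

# Constructed sample of gcc help output: -Wformat-security is still off here.
SAMPLE_HELP='  -Wformat                    [enabled]
  -Wformat-security           [disabled]
  -fstack-protector-strong    [enabled]
  --param=ssp-buffer-size=    4'

audit_hardening "$SAMPLE_HELP" || echo "sample: not fully hardened"

# Live check against the installed compiler, if there is one. Warnings live under
# --help=warnings, the stack protector under --help=common, params under --help=params.
if command -v gcc >/dev/null 2>&1; then
    live=$( { gcc -Q --help=warnings; gcc -Q --help=common; gcc -Q --help=params; } 2>/dev/null)
    audit_hardening "$live" || echo "installed gcc: not fully hardened"
    # -D_FORTIFY_SOURCE=2 is a preprocessor define, so --help never lists it;
    # dump the predefined macros instead.
    if gcc -dM -E - </dev/null | grep -q '_FORTIFY_SOURCE'; then
        echo "_FORTIFY_SOURCE is predefined"
    else
        echo "_FORTIFY_SOURCE is not predefined"
    fi
fi
```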

User Experience

None

Dependencies

All packages will be rebuilt with the new GCC options.

Contingency Plan

  • Contingency mechanism: Roll back the GCC options and use the default ones.
  • Contingency deadline:
  • Blocks release? No

Documentation

Release Notes

  • Release Notes tracking: <will be assigned by the Wrangler>