From Fedora Project Wiki
Revision as of 08:03, 5 March 2019


Enable Compiler Security hardening flags by default in GCC

Summary

Enable a few security hardening flags by default in GCC.

Owner

Current status

  • Targeted release: Fedora 31
  • Last updated: 2019-03-05

Detailed Description

Upstream GCC does not enable any security hardening flags by default; developers have to enable them explicitly, one by one. Ubuntu (https://wiki.ubuntu.com/ToolChain/CompilerFlags), however, enables them in its GCC build and therefore ships a hardened compiler by default. Each of these options can still be explicitly disabled by the developer via the corresponding GCC command line flag (for example -fno-stack-protector, -Wno-format-security or -U_FORTIFY_SOURCE) if required. I am currently proposing that the following flags be enabled by default:

-Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2

Two caveats apply to this list. _FORTIFY_SOURCE only takes effect when optimization is enabled (-O1 or higher), because the checked replacements for functions such as memcpy and sprintf are selected in glibc's headers based on compile-time object sizes; an unoptimized build gets no fortification. The --param=ssp-buffer-size=4 setting governs the array-size threshold of plain -fstack-protector and has no effect on -fstack-protector-strong, which instruments every function that has a local array or takes the address of a local, regardless of size.

Benefit to Fedora

Better security both for Fedora's own packages and for the applications and programs that users build themselves with the system GCC.

Scope

  • Proposal owners: Patch gcc to enable these options by default. The patch should be very small, since the compilation and linking code itself is not touched; only the defaults change.
  • Other developers: Developers need to ensure that their Fedora packages build with the new defaults and fix any resulting build failures (for example new -Wformat-security warnings in packages that build with -Werror, or _FORTIFY_SOURCE redefinition warnings where the package already sets it).
  • Release engineering:
  • Policies and guidelines: The policies and guidelines do not need to be updated.
  • Trademark approval: Not needed for this change

Upgrade/compatibility impact

None

Some packaging changes required, see:


How To Test

Run "gcc -Q --help=common" and "gcc -Q --help=warnings" and check that -fstack-protector-strong, -Wformat and -Wformat-security are listed as [enabled]. Note that "gcc -Q --help=target" only lists target-specific (machine) options, so the hardening flags do not appear there. _FORTIFY_SOURCE is a preprocessor macro rather than a compiler option, so it never shows up in -Q --help output; check it with "gcc -O2 -dM -E -x c /dev/null | grep FORTIFY" (the -O2 matters, since the macro is only meant to be defined when optimizing). The ssp-buffer-size default can be inspected with "gcc -Q --help=params".
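The check described above, written out as a script. This is an added example and not part of the Fedora proposal or of GCC; it assumes a GCC-compatible driver in $CC (default: gcc), and the sample -Q --help lines shown in the comments are constructed, not captured from a real build. The pure functions (flag_state, fortify_level) parse driver output handed to them, and report_default_hardening runs the live queries only when the driver is actually installed.

```shell
#!/bin/sh
# Added example (not part of the Fedora proposal): check which of the proposed
# hardening options a GCC driver enables by default. Assumes a GCC-compatible
# driver in $CC (default: gcc). Sample help output in comments is constructed.

CC="${CC:-gcc}"

# flag_state HELP_TEXT FLAG
# HELP_TEXT is the output of `$CC -Q --help=<class>`, one option per line:
#   -fstack-protector-strong    [enabled]
#   -Wformat=                   1
# Prints "enabled", "disabled", the option's value for leveled options such
# as -Wformat=, or "missing" if the option is not listed in that class.
flag_state() {
    help_text="$1"
    flag="$2"
    line=$(printf '%s\n' "$help_text" | awk -v f="$flag" '$1 == f { print; exit }')
    case "$line" in
        "")             echo missing ;;
        *"[enabled]"*)  echo enabled ;;
        *"[disabled]"*) echo disabled ;;
        *)              printf '%s\n' "$line" | awk '{ print $2 }' ;;
    esac
}

# fortify_level MACRO_DUMP
# MACRO_DUMP is the output of `$CC -O2 -dM -E -x c /dev/null` (the predefined
# macros). _FORTIFY_SOURCE is a macro, not a compiler option, so it never
# appears in -Q --help output; print its value or "missing".
fortify_level() {
    printf '%s\n' "$1" | awk '
        $1 == "#define" && $2 == "_FORTIFY_SOURCE" { print $3; found = 1; exit }
        END { if (!found) print "missing" }'
}

# format_warning_demo: compile a constructed one-function translation unit that
# passes a non-literal format string to printf and report whether the driver
# emits a -Wformat-security diagnostic for it (the pattern the flag exists for).
format_warning_demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#include <stdio.h>' \
        'void log_msg(const char *msg) { printf(msg); }' > "$tmp/fmt.c"
    out=$("$CC" -Wformat -Wformat-security -c -o /dev/null "$tmp/fmt.c" 2>&1 || true)
    rm -rf "$tmp"
    case "$out" in
        *Wformat-security*) echo warns ;;
        *)                  echo silent ;;
    esac
}

# report_default_hardening: query the live driver. -Q --help=target lists only
# machine-specific options, so the hardening flags are looked up in the
# "common" and "warnings" classes instead.
report_default_hardening() {
    common=$("$CC" -Q --help=common 2>/dev/null || true)
    warnings=$("$CC" -Q --help=warnings 2>/dev/null || true)
    macros=$("$CC" -O2 -dM -E -x c /dev/null 2>/dev/null || true)

    f=-fstack-protector-strong
    printf '%-26s %s\n' "$f" "$(flag_state "$common" "$f")"
    for f in -Wformat= -Wformat-security; do
        printf '%-26s %s\n' "$f" "$(flag_state "$warnings" "$f")"
    done
    printf '%-26s %s\n' "_FORTIFY_SOURCE" "$(fortify_level "$macros")"
    # The --help=params listing format varies between GCC releases, so show the
    # matching line instead of parsing it.
    "$CC" -Q --help=params 2>/dev/null | grep -i ssp-buffer-size \
        || printf '%-26s %s\n' "ssp-buffer-size" "not listed"
    printf '%-26s %s\n' "-Wformat-security demo" "$(format_warning_demo)"
}

if command -v "$CC" >/dev/null 2>&1; then
    report_default_hardening
fi
```

On an unpatched upstream GCC the report shows -fstack-protector-strong and -Wformat-security as disabled and _FORTIFY_SOURCE as missing; after the proposed change they should read enabled and 2 respectively, and the demo line should read warns.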

User Experience

None

Dependencies

All packages will be rebuilt with the new GCC defaults.

Contingency Plan

  • Contingency mechanism: Revert the GCC patch so that the upstream default options apply again.
  • Contingency deadline:
  • Blocks release? No

Documentation

Release Notes

  • Release Notes tracking: <will be assigned by the Wrangler>