4 May
2011
4 May
'11
7:26 p.m.
[2011-05-05 01:29:17 +1000] Allan McRae:
The plan is to add "-fstack-protector-all -D_FORTIFY_SOURCE=2 --param=ssp-buffer-size=4" to our C{XX}FLAGS and "-Wl,-z,relro" to our LDFLAGS.
Using these flags to build random packages, they appear to increase the typical binary size by roughly 6%. That's not too bad but could you say a bit more on the pros of enabling them for me and others who weren't devs when this was first discussed? Thanks. -- Gaetan