[arch-dev-public] Adding hardening compiler/linker flags

Gaetan Bisson bisson at archlinux.org
Wed May 4 15:26:58 EDT 2011

[2011-05-05 01:29:17 +1000] Allan McRae:
> The plan is to add "-fstack-protector-all -D_FORTIFY_SOURCE=2
> --param=ssp-buffer-size=4" to our C{XX}FLAGS and "-Wl,-z,relro" to
> our LDFLAGS.

Using these flags to build random packages, they appear to increase the
typical binary size by roughly 6%. That's not too bad but could you say
a bit more on the pros of enabling them for me and others who weren't
devs when this was first discussed?



More information about the arch-dev-public mailing list