[MDEV-5730] enhance security using special compilation options - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Fix Version/s: 10.1.0
Component/s: None
Labels:
None

Description

gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
The (incomplete) list is

-pie

-Wp,-D_FORTIFY_SOURCE=2

-fstack-protector --param=ssp-buffer-size=4

-Wl,-z,relro,-z,now

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

graph.ro.pdf
60 kB
2014-06-25 18:59
graph.rw.pdf
62 kB
2014-06-25 18:59

Issue Links

relates to

MDEV-6479 stack traces in 10.1

Closed

links to

an article about RELRO

Review of the patch

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Sergei Golubchik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2014-02-25 14:18

Updated:: 2014-07-23 14:37

Resolved:: 2014-06-26 13:48

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.