Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5730

enhance security using special compilation options

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 10.1.0
    • Component/s: None
    • Labels:
      None

      Description

      gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
      The (incomplete) list is

      -pie
      -Wp,-D_FORTIFY_SOURCE=2
      -fstack-protector --param=ssp-buffer-size=4
      -Wl,-z,relro,-z,now

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                serg Sergei Golubchik
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: