Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-5730

enhance security using special compilation options

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.1.0
    • None
    • None

    Description

      gcc/ld have different options that can make resulting binaries more secure against buffer/stack overflow exploits. RedHat uses most of them for distribution binaries. We need to analyze these options, understand the benefits and drawbacks, and possibly use them too in our builds.
      The (incomplete) list is

      -pie
      -Wp,-D_FORTIFY_SOURCE=2
      -fstack-protector --param=ssp-buffer-size=4
      -Wl,-z,relro,-z,now

      Attachments

        1. graph.ro.pdf
          60 kB
          Axel Schwenke
        2. graph.rw.pdf
          62 kB
          Axel Schwenke

        Issue Links

          Activity

            People

              serg Sergei Golubchik
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.