Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 377366 - Feature Request: Compiler and Linker Hardening Switches
Summary: Feature Request: Compiler and Linker Hardening Switches
Status: CLOSED DUPLICATE of bug 266305
Alias: None
Product: CDT
Classification: Tools
Component: cdt-build-managed (show other bugs)
Version: 8.0.2   Edit
Hardware: PC Linux
: P3 enhancement (vote)
Target Milestone: ---   Edit
Assignee: Project Inbox CLA
QA Contact: Chris Recoskie CLA
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-22 20:30 EDT by Jeffrey Walton CLA
Modified: 2020-01-01 09:47 EST (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeffrey Walton CLA 2012-04-22 20:30:55 EDT
Build Identifier: Version: Indigo Service Release 2, Build id: 20120216-1857

Currently, the Eclipse C/C++ IDE includes useful warning switches including -Wall, -Wextra, and -Wconversion.

The selection of switches related to executable hardening has some room for improvement, and would include:

Compiler: -fstack-protector-all (-fstack-protector is default via a GCC Spec File yet does not show in the list). -Wformat=2 -Wformat-security -Wstrict-overflow

-Wformat=2 -Wformat-security should be paired under this use case.

Linker: -z,noexecstack -z,noexecheap -z,relro, and -z,now

Randomization:
Requires both compiler and linker switches. For executable programs, the code generation option is -fPIE and linker option is -pie. For shared objects, the code generation option is -fPIC and linker option is -shared.

It would be great if {-fPIE, -pie} or {-fPIC, -shared} was intelligently displayed depending on the target (program vs shared object).

Reproducible: Always

Steps to Reproduce:
Feature request
Comment 1 Jeffrey Walton CLA 2012-07-13 15:20:18 EDT
Android removed the "%n" format specifier, so Eclipse/Android project would only need -Wformat -Wformat-security. See one of the later replies by Nick Kralevich at "ProPolice and Android," http://groups.google.com/group/android-security-discuss/browse_thread/thread/d585aa8062964673.
Comment 2 Marco Stornelli CLA 2020-01-01 09:47:43 EST
I closed this bug, since the older one is more general and it can include even this one.

*** This bug has been marked as a duplicate of bug 266305 ***