Build Identifier: Version: Indigo Service Release 2, Build id: 20120216-1857

Currently, the Eclipse C/C++ IDE includes useful warning switches including -Wall, -Wextra, and -Wconversion. The selection of switches related to executable hardening has some room for improvement, and would include:

Compiler:
  -fstack-protector-all (-fstack-protector is default via a GCC Spec File yet does not show in the list).
  -Wformat=2 -Wformat-security
  -Wstrict-overflow

-Wformat=2 -Wformat-security should be paired under this use case.

Linker:
  -z,noexecstack -z,noexecheap -z,relro, and -z,now

Randomization:
  Requires both compiler and linker switches. For executable programs, the code generation option is -fPIE and linker option is -pie. For shared objects, the code generation option is -fPIC and linker option is -shared.

It would be great if {-fPIE, -pie} or {-fPIC, -shared} was intelligently displayed depending on the target (program vs shared object).

Reproducible: Always

Steps to Reproduce:
Feature request
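The target-dependent pairing requested above can be checked mechanically on a build command line. The following is an added example, not part of the original report or of Eclipse CDT; the function names and sample command lines are constructed, and it assumes GCC-style driver flags and covers the stack protector, the format and overflow warnings, the noexecstack/relro/now linker keywords and the PIE/PIC pairing.

```python
import shlex

# Flags taken from the report above (assumption: GCC-style compiler driver).
COMPILE_REQUIRED = {"-fstack-protector-all", "-Wformat=2",
                    "-Wformat-security", "-Wstrict-overflow"}
LINK_Z_REQUIRED = {"noexecstack", "relro", "now"}
# (code generation flag, link flag) expected for each target kind
PAIRING = {"executable": ("-fPIE", "-pie"), "shared": ("-fPIC", "-shared")}


def split_flags(command):
    """Return (plain tokens, -z keywords) from a compiler-driver command line."""
    tokens = []
    for tok in shlex.split(command):
        if tok.startswith("-Wl,"):
            # -Wl,-z,relro,-z,now passes "-z relro -z now" through to the linker
            tokens.extend(tok[4:].split(","))
        else:
            tokens.append(tok)
    plain, zwords = set(), set()
    it = iter(tokens)
    for tok in it:
        if tok == "-z":
            zwords.add(next(it, ""))  # keyword follows as the next token
        else:
            plain.add(tok)
    return plain, zwords


def audit(command, target):
    """List the hardening flags that `command` lacks for `target`."""
    plain, zwords = split_flags(command)
    missing = sorted(COMPILE_REQUIRED - plain)
    missing += ["-Wl,-z," + z for z in sorted(LINK_Z_REQUIRED - zwords)]
    codegen, link = PAIRING[target]
    # GCC accepts both spellings (-fPIE/-fpie, -fPIC/-fpic)
    if not ({codegen, codegen.lower()} & plain):
        missing.append(codegen)
    if link not in plain:
        missing.append(link)
    return missing


# Constructed sample command lines, not taken from any real project.
GOOD_EXE = ("gcc -Wall -fstack-protector-all -Wformat=2 -Wformat-security "
            "-Wstrict-overflow -fPIE -pie -Wl,-z,noexecstack "
            "-Wl,-z,relro,-z,now -o app app.c")
WEAK_LIB = "gcc -Wall -Wextra -fPIC -shared -z relro -o libfoo.so foo.c"

if __name__ == "__main__":
    for cmd, kind in ((GOOD_EXE, "executable"), (WEAK_LIB, "shared")):
        print(kind, "missing:", audit(cmd, kind) or "nothing")
```

Auditing `GOOD_EXE` as a shared object reports `-fPIC` and `-shared` as missing, which is the program versus shared object distinction the request asks the IDE to make.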
Android removed the "%n" format specifier, so Eclipse/Android project would only need -Wformat -Wformat-security. See one of the later replies by Nick Kralevich at "ProPolice and Android," http://groups.google.com/group/android-security-discuss/browse_thread/thread/d585aa8062964673.
I closed this bug, since the older one is more general and it can include even this one.

*** This bug has been marked as a duplicate of bug 266305 ***