Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Konstantin Gizdov
rfcs
Commits
42b9152b
Verified
Commit
42b9152b
authored
Jan 25, 2021
by
Allan McRae
Browse files
Updates to build flags
Signed-off-by:
Allan McRae
<
allan@archlinux.org
>
parent
33d8b5fd
Changes
1
Hide whitespace changes
Inline
Side-by-side
rfcs/0003-buildflags.rst
0 → 100644
View file @
42b9152b
======================
Updates to build flags
======================
- Date proposed: 2020-03-04
- RFC MR: https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/0003
Summary
-------
Updating our buildflags will improve our packages security
Motivation
----------
Compiler security features have advanced since we last updated our buildflags.
While we have enabled some of these by default in our compilers, there is
further improvements to be made.
This RFC puts forward a set of compiler flags that have seen real world usage
in other distributions. e.g. [1] [2]
[1] https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md.
[2] https://wiki.ubuntu.com/ToolChain/CompilerFlags
Specification
-------------
We will change the distributed makepkg.conf to the following:
::
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2,-D_GLIBCXX_ASSERTIONS -Werror=format-security"
CXXFLAGS="$CFLAGS"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
DEBUG_CFLAGS="-g -fvar-tracking-assignments"
Details of new additions:
* Move ``-D_FORTIFY_SOURCE=2`` from CPPFLAGS to CFLAGS using -Wp
Unfortunately, there are still build systems which use CFLAGS but not CPPFLAGS.
Or configure tests that use CPPFLAGS and not CFLAGS which creates errors due to
fortify source needing optimisation. Ultimately, we can cover more code with
this workaround.
* Add ``-fexceptions``
Provide exception unwinding support for C programs. This also hardens cancellation
handling in C programs, and makes it possible to unwind the stack (using C++ throw
or Rust panics) from C callback functions
* Add ``-Wp,-D_GLIBCXX_ASSERTIONS``
Enable lightweight assertions in the C++ standard library. This flag is added to
both CFLAGS and CXXFLAGS; C compilations will simply ignore it.
* Add ``-Werror=format-security``
Turn on format string warnings and treat them as errors. This catches a set of
readily exploitable bugs. This can occasionally result in compilation errors,
but this should be minimal as it is widely used by other distributions.
Alternatives Considered
-----------------------
* Add ``-grecord-gcc-switches`` to our debug builds
This is the default in GCC.
* Add ``-fasynchronous-unwind-tables`` to our debug builds
This is the default in GCC, at least for x86_64.
Drawbacks
---------
Moving ``-D_FORTIFY_SOURCE=2`` is zero cost.
Adding ``-Werror=format-security`` may cause limited build issues, but patches are
readily available.
There is a minimal performance overhead of adding ``-Wp,-D_GLIBCXX_ASSERTIONS``,
though many of the added checks are optimised away by the compiler.
Adding ``-fexceptions`` can produce some data size overhead in C programs, though
does not affect execution. GCC enables it by default for C++.
Unresolved Questions
--------------------
None.
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
Allan McRae <allan@archlinux.org>Allan McRae <allan@archlinux.org>