C Compiler Hardening
References
Follow Siddhesh Poyarekar for compiler hardening improvements.
Follow Kees Cook for compiler hardening improvements to the Linux Kernel.
Relevant presentations at GNU Tools Cauldron and Linux Security Summit.
Videos
- Progress On Bounds Checking in C and the Linux Kernel - LSS NA 2023 - by Kees Cook and Gustavo A.R. Silva
- Making C Less Dangerous - LSS NA 2018 - Kees Cook
- STACKLEAK: A Long Way to the Linux Kernel Mainline - LSS NA 2018 - by Alexander Popov
jvoisin/compiler-flags-distro
Compiler flag defaults used across distros to build packages.
_FORTIFY_SOURCE=3
Mitigates buffer overflows and unsafe libc use.
- LP#2012440: Please add -D_FORTIFY_SOURCE=3 to default build flags
- GCC’s new fortification level: The gains and costs by Siddhesh Poyarekar
- Changes/Add FORTIFY SOURCE=3 to [Fedora] distribution build flags by Siddhesh Poyarekar
- _FORTIFY_SOURCE=3 performance by Siddhesh Poyarekar
-fstack-protector-strong
Enables run-time stack overflow verification using a stack canary. Has more coverage than -fstack-protector, but less than -fstack-protector-all.
- “Strong” stack protection for GCC by Jack Edge
-D_GLIBCXX_ASSERTIONS
Provides compile-time best-practices errors for certain libc functions, and provides run-time buffer lengths and memory region checks.
_GLIBCXX_ASSERTIONS was developed not to impact ABI or big-O complexity.
"The _GLIBCXX_ASSERTIONS macro defines a subset of the _GLIBCXX_DEBUG checks, with no impact on class layout and minimal impact on runtime (and no changes in algorithmic complexity). It is intended to be suitable for both debug builds and release builds."
-fcf-protection=full
Indirect branch tracking and shadow stacks on most x86 archs. Prevents code reuse attacks (ROP/COP/JOP).
-mbranch-protection
Prevents code reuse attacks on arm64.
checking flags
dpkg-buildflags
gcc -Q --help=optimizers
checksec
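One way to check a build's flag string against the options listed on this page, as an added example that is not from the original page or any of the linked projects. The function name audit_flags, its output format and the sample flag strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); audit_flags is a hypothetical helper.
# Audits a flag string for the hardening options listed above. The last
# occurrence of a flag wins, as in the compiler, so late overrides are caught.
# Usage: audit_flags ARCH "FLAGS..."   (ARCH: x86_64 or aarch64)
# Prints one line per weak or missing mitigation; returns 1 if any were found.
audit_flags() {
    arch=$1; shift
    fortify=unset ssp=off glibcxx=off cf=off bp=off opt=no rc=0
    for f in $*; do    # unquoted on purpose: split the string into flags
        case $f in
            -O0)                      opt=no ;;
            -O*)                      opt=yes ;;
            -D_FORTIFY_SOURCE=*)      fortify=${f#-D_FORTIFY_SOURCE=} ;;
            -U_FORTIFY_SOURCE)        fortify=unset ;;
            -fstack-protector)        ssp=basic ;;
            -fstack-protector-strong) ssp=strong ;;
            -fstack-protector-all)    ssp=all ;;
            -fno-stack-protector)     ssp=off ;;
            -D_GLIBCXX_ASSERTIONS|-D_GLIBCXX_ASSERTIONS=*) glibcxx=on ;;
            -U_GLIBCXX_ASSERTIONS)    glibcxx=off ;;
            -fcf-protection)          cf=full ;;   # bare form is an alias for full
            -fcf-protection=*)        cf=${f#-fcf-protection=} ;;
            -mbranch-protection=*)    bp=${f#-mbranch-protection=} ;;
        esac
    done
    weak() { echo "WEAK $1"; rc=1; }
    [ "$fortify" = 3 ] || weak "_FORTIFY_SOURCE=$fortify (want 3)"
    # glibc only applies _FORTIFY_SOURCE when optimization is enabled.
    [ "$fortify" = unset ] || [ "$opt" = yes ] || weak "_FORTIFY_SOURCE set without -O"
    case $ssp in strong|all) ;; *) weak "stack-protector=$ssp (want strong or all)" ;; esac
    [ "$glibcxx" = on ] || weak "_GLIBCXX_ASSERTIONS not defined"
    case $arch in
        x86_64)  [ "$cf" = full ] || weak "cf-protection=$cf (want full)" ;;
        aarch64) case $bp in off|none) weak "branch-protection=$bp" ;; esac ;;
    esac
    return $rc
}

# Constructed sample flags: a hardened x86_64 set, then the same set with
# overrides appended at the end, as a package's own build system might do.
GOOD="-g -O2 -fstack-protector-strong -fcf-protection -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS"
audit_flags x86_64 "$GOOD" && echo "ok: no findings"
audit_flags x86_64 "$GOOD -fno-stack-protector -U_FORTIFY_SOURCE" || true
```

On a Debian-based system the input can come from `dpkg-buildflags --get CFLAGS` and `dpkg-buildflags --get CPPFLAGS`; checksec then confirms what actually ended up in the binary.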