Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Compile the plugin by-default with hardening flags #203

Open
EionRobb opened this issue Mar 8, 2019 · 0 comments
Open

Compile the plugin by-default with hardening flags #203

EionRobb opened this issue Mar 8, 2019 · 0 comments
Labels
enhancement New feature or request trivial

Comments

@EionRobb
Copy link
Owner

EionRobb commented Mar 8, 2019

Original report by Avamander (Bitbucket: avamander, GitHub: avamander).

Due to the fact that purple-hangouts is a somewhat sensitive piece of software with a rather big attack surface I think it's really worth compiling it by default with:

  • -fstack-protector-strong -Wstack-protector (-fstack-protector-all would work too, the performance impact is unnoticeable) - Protects against stack overflow

  • -fstack-clash-protection - Protects against stack clash attacks

  • -D_FORTIFY_SOURCE=2 - Protects against possible misuses of sensitive functions, http://man7.org/linux/man-pages/man7/feature_test_macros.7.html

  • -Wformat -Werror=format-security -Wformat-security - Helps avoid format errors

  • -Wl,-z,relro,-z,now - For full RELRO

I compiled it myself with these flags and it has worked perfectly so far
@EionRobb EionRobb added trivial enhancement New feature or request labels Nov 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request trivial
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@EionRobb