jvoisin / compiler-flags-distro Goto Github PK
View Code? Open in Web Editor NEWUsage of enabled-by-default hardening-related compiler flags across Linux distributions
Usage of enabled-by-default hardening-related compiler flags across Linux distributions
-fsanitize=signed-integer-overflow -fsanitize-undefined-trap-on-error
creates better code due to using the compiler_rt builtins xor cpu intrinsics, see https://gist.github.com/jrelo/f5c976fdc602688a0fd40288fde6d886Personal opinion:
-Wstring-conversion
could be added, because implicit std::sting -> bool &
conversions, especially during function calls, are outright evil and not covered by -Wall, -Werror, -Wpedantic
etcNice link also covering msvc: https://airbus-seclab.github.io/c-compiler-security/
In Debian, compiler flags are implemented to protect their archive though dpkg. They expressly avoid changing gcc defaults. References in this repo point to Debian's gcc configs, I'd check dpkg-buildflags.
Ubuntu inherits these dpkg flags. Flags from gcc and dpkg and are used to build the Ubuntu Archive.
GCC flags are required to build artifacts, like software users compile or snaps, or anything not the Ubuntu Archive. What is listed on https://wiki.ubuntu.com/ToolChain/CompilerFlags applies to GCC.
So, in a way, all dpkg compiler flags in Debian apply to Ubuntu and Ubuntu is additionally setting GCC hardening flags* (there are probably exceptions to this). I'm not sure how you want to track this, but I wanted to let you know.
Also, the Debian and Ubuntu archive recently received -mbranch-protection https://bugs.launchpad.net/ubuntu/+source/gcc-13/+bug/2040321 through dpkg. And Debian recently received -fcf-protection (which Ubuntu GCC acquired in 19.10) https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=8f5aca71c1435c9913d5562b8cae68b751dff663
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.