From 35095be95d24dda16704ec803c09e0271abea77b Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 17 Jan 2023 01:33:37 +0000 Subject: [PATCH] Remove FORTIFY_SOURCE since it is not compatible with or used by musl libc. Switch stack protector from all to strong since strong covers the entire practical stack smashing protection threat model. Sort compiler hardening flags A-Z. Sort linker hardening flags A-Z. --- portage/env/gcc.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/portage/env/gcc.conf b/portage/env/gcc.conf index 5cb4ba8..d20c15f 100644 --- a/portage/env/gcc.conf +++ b/portage/env/gcc.conf @@ -3,7 +3,7 @@ # Copyright 2022-2023 Inference # SPDX-License-Identifier: BSD-3-Clause-Clear -# Version: 1.0.0.2 +# Version: 2.0.0.3 # Toolchain @@ -22,8 +22,8 @@ STRIP="strip" # Flags ## Hardening flags -C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -fwrapv" -LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro" +C_SEC="-fPIE -fPIC -fstack-clash-protection -fstack-protector-strong -fwrapv" +LD_SEC="-Wl,-z,defs -Wl,-z,now -Wl,-pie -Wl,-z,relro -Wl,--strip-all" ## Compiler flags CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}" CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -flto=4 ${C_SEC}"