Add Clang integer overflow and undefined behaviour compilation hardening flags.
This commit is contained in:
parent
c8499b1ac2
commit
9c059272af
2
portage/env/nolto-nopie.conf
vendored
2
portage/env/nolto-nopie.conf
vendored
@ -20,7 +20,7 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
|
||||
2
portage/env/nolto.conf
vendored
2
portage/env/nolto.conf
vendored
@ -20,7 +20,7 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
|
||||
2
portage/env/nopie.conf
vendored
2
portage/env/nopie.conf
vendored
@ -20,7 +20,7 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
|
||||
2
portage/env/werror.conf
vendored
2
portage/env/werror.conf
vendored
@ -20,7 +20,7 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,-z,now -Wl,-z,relro -pie -Wl,--strip-all"
|
||||
|
||||
## Common flags.
|
||||
|
||||
@ -20,7 +20,7 @@ STRIP="llvm-strip"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user