From ac4cc2282bb3e9272f934cf37d355beb9320b69f Mon Sep 17 00:00:00 2001
From: inference
Date: Fri, 26 Aug 2022 17:06:13 +0100
Subject: [PATCH] Add GCC integer overflow and undefined behaviour compilation hardening flags.
---
 portage/env/gcc-nolto-nopie.conf | 2 +-
 portage/env/gcc-nolto.conf | 2 +-
 portage/env/gcc-nopie.conf | 2 +-
 portage/env/gcc.conf | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/portage/env/gcc-nolto-nopie.conf b/portage/env/gcc-nolto-nopie.conf
index 68028c8..e609ff6 100644
--- a/portage/env/gcc-nolto-nopie.conf
+++ b/portage/env/gcc-nolto-nopie.conf
@@ -13,7 +13,7 @@ RANLIB="ranlib"
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
+C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
 LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Common flags.
diff --git a/portage/env/gcc-nolto.conf b/portage/env/gcc-nolto.conf
index 0d2d6ba..13e3391 100644
--- a/portage/env/gcc-nolto.conf
+++ b/portage/env/gcc-nolto.conf
@@ -13,7 +13,7 @@ RANLIB="ranlib"
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
+C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
 LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Common flags.
diff --git a/portage/env/gcc-nopie.conf b/portage/env/gcc-nopie.conf
index 1695d7c..38d38ea 100644
--- a/portage/env/gcc-nopie.conf
+++ b/portage/env/gcc-nopie.conf 
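Review bot: `-ftrivial-auto-var-init=zero` on the new `C_HARDENING` line of portage/env/gcc-nolto-nopie.conf is only accepted by GCC 12 and later, so an older GCC rejects it as an unrecognised option and a package built with this env file is likely to fail at its first compile check. The same flag is added in gcc-nolto.conf, gcc-nopie.conf and gcc.conf. A comment above the variable would record the requirement, for example `## -ftrivial-auto-var-init=zero needs GCC >= 12; it zero-fills uninitialised locals to limit stale stack data leaks.` Zero-filling is a mitigation only: the uninitialised reads remain bugs, and GCC documents that `-Wuninitialized` still reports them.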
@@ -13,7 +13,7 @@ RANLIB="ranlib"
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
+C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
 LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Common flags.
diff --git a/portage/env/gcc.conf b/portage/env/gcc.conf
index 47b0dbe..feb3ac8 100644
--- a/portage/env/gcc.conf
+++ b/portage/env/gcc.conf
@@ -13,7 +13,7 @@ RANLIB="ranlib"
 # Flags.
 ## Hardening flags.
-C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2"
+C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
 LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Common flags.
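Review bot: `-fwrapv` on the new `C_HARDENING` line of portage/env/gcc-nopie.conf defines signed overflow as two's-complement wrap-around but does not detect it, so a wrapped length or index still reaches whatever allocation or bounds check consumes it. The "integer overflow hardening" in the commit subject is therefore narrower than it reads. The flag also leaves pointer-arithmetic overflow undefined; GCC 8 and later provide `-fwrapv-pointer`, and `-fno-strict-overflow` implies both. If overflow checks written with pointer arithmetic are meant to survive optimisation as well, the line could end `-ftrivial-auto-var-init=zero -fno-strict-overflow"`. This applies equally to gcc-nolto-nopie.conf, gcc-nolto.conf and gcc.conf.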