From e2b1a669c59d22061afcd2e324cc00c79e65e07c Mon Sep 17 00:00:00 2001
From: inference
Date: Tue, 17 Jan 2023 01:31:17 +0000
Subject: [PATCH] Remove FORTIFY_SOURCE since it is not compatible with or used by musl libc. Switch stack protector from all to strong since strong covers the entire practical stack smashing protection threat model. Sort compiler hardening flags A-Z. Sort linker hardening flags A-Z.
---
 portage/env/gcc-nopie.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/portage/env/gcc-nopie.conf b/portage/env/gcc-nopie.conf
index 2b79d6f..d9904c9 100644
--- a/portage/env/gcc-nopie.conf
+++ b/portage/env/gcc-nopie.conf
@@ -3,7 +3,7 @@
 # Copyright 2022-2023 Inference
 # SPDX-License-Identifier: BSD-3-Clause-Clear
-# Version: 1.0.0.3
+# Version: 2.0.0.4
 # Toolchain
@@ -23,8 +23,8 @@ STRIP="strip"
 # Flags
 ## Hardening flags
-C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -fwrapv"
-LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+C_SEC="-fPIC -fstack-clash-protection -fstack-protector-strong -fwrapv"
+LD_SEC="-Wl,-z,defs -Wl,-z,now -Wl,-z,relro -Wl,--strip-all"
 ## Compiler flags
 CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}"
 CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -flto=4 ${C_SEC}"
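Review bot: The new `C_SEC` line in the second hunk drops `-D_FORTIFY_SOURCE=2` without recording in the file that this is a musl-specific decision, so anyone reusing this env file on a glibc profile would silently lose the fortified libc wrappers. A comment above `C_SEC` would keep the assumption visible, for example `# _FORTIFY_SOURCE omitted: musl's headers ignore it; re-add on glibc or when building with fortify-headers`. The same comment could note that `-fstack-protector-strong` instruments only functions with local arrays, `alloca` or address-taken locals, since that is the trade-off accepted in moving away from `-fstack-protector-all`. The flags section continues outside the hunk, so whether `LD_SEC` actually reaches `LDFLAGS` cannot be confirmed from here.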