Inferencium/cfg
1
0
Fork 0
Code Issues Activity

Remove FORTIFY_SOURCE since it is not compatible with or used by musl libc. Switch stack protector from all to strong since strong covers the entire practical stack smashing protection threat model. Switch -ftrivial-auto-var-init from pattern to zero since it is no longer being removed from Clang and is more suitable for hardening. Sort compiler flags A-Z.

Browse Source
This commit is contained in:
inference 2023-01-17 01:47:33 +00:00
parent 385f144342
commit e43700cfc0
Signed by: inference
SSH Key Fingerprint: SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
portage/env/nolto.conf vendored
View File

@ -3,16 +3,16 @@
# Copyright 2022-2023 Inference # Copyright 2022-2023 Inference
# SPDX-License-Identifier: BSD-3-Clause-Clear # SPDX-License-Identifier: BSD-3-Clause-Clear
# Version: 2.0.0.3 # Version: 3.0.0.4
# Flags # Flags
## Hardening flags ## Hardening flags
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=pattern -fwrapv" C_SEC="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -fwrapv"
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro" LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
## Compiler flags ## Compiler flags
CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__ ${C_SEC}" CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}" CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
RUSTFLAGS="-C target-cpu=znver3 -C opt-level=2 -C debuginfo=0" RUSTFLAGS="-C debuginfo=0 -C opt-level=2 -C target-cpu=znver3"
## Linker flags ## Linker flags
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}" LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"