Src2pkg.conf w/ "hardened" EXTRA_FLAGS

For discussions about programming and projects not necessarily associated with Porteus.

Src2pkg.conf w/ "hardened" EXTRA_FLAGS

Postby n0ctilucient » 23 Apr 2017, 14:27

For those interested in hardening Slackware binaries...

This is the "extra flags" section of my /etc/src2pkg/src2pkg.conf...
Code: Select all
# If you are using some architecture besides ix86, you may want to
# change the defaults for these. See the DEFINES file for more
# info on how these are set by src2pkg
# [[ $STD_CONFIGS  ]]  ||  STD_CONFIGS=
# [[ $STD_FLAGS ]] || STD_FLAGS=
# This is a better place to put extra compiler flags -for example '-pipe'
# ...Noteworthy?
[[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-fstack-protector-all -fsanitize=address -D_FORTIFY_SOURCE=­2"
# Here's an example for building really small binaries
# [[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-pipe -momit-leaf-frame-pointer -fomit-frame-pointer -fmerge-all-constants -mpreferred-stack-boundary=2"
# You can use EXTRA_LDFLAGS to pass extra options to the linker
# ...Noteworthy?
[[ $EXTRA_LDFLAGS ]] || EXTRA_LDFLAGS="-pie"


Noteworthy is this line...
[[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-fstack-protector-all -fsanitize=address -D_FORTIFY_SOURCE=2"


Mileage may vary. Some source may not compile with these parameters.

Pls Note: -fsanitize does not always play well with -D_FORTIFY_SOURCE so you may have to choose.

Also... use the -O switch otherwise EXTRA_FLAGS will be ignored (eg. "src2pkg -O...").

I have as of this writing successfully compiled "tcc" and "musl" with the following parameters...
[[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-fstack-protector-all -D_FORTIFY_SOURCE=2"



Reference: ProPolice ... AddressSanitizer

Also see... https://www.youtube.com/watch?v=T4NadnbfYjY
n0ctilucient
Ronin
Ronin
 
Posts: 3
Joined: 21 Apr 2017, 16:59
Location: 127.0.0.1
Distribution: freeDOS

Return to Programming



Who is online

Users browsing this forum: No registered users and 1 guest