
GCC Preparing To Introduce "-fhardened" Security Hardening Option


  • GCC Preparing To Introduce "-fhardened" Security Hardening Option

    Phoronix: GCC Preparing To Introduce "-fhardened" Security Hardening Option

    Following discussions among compiler developers and other stakeholders, the GNU Compiler Collection (GCC) is preparing to add a "-fhardened" compiler option that will enable various hardening features aimed at increasing the security/robustness of the generated binaries...


  • #2
    Certainly an improvement over having people look up all those settings, but it would be better just to make it the default. It's not like Linux makes mitigations=off the default; why should the "should be always safe and make more secure code" compiler options be default off?



    • #3
      Originally posted by fitzie
      Certainly an improvement over having people look up all those settings, but it would be better just to make it the default. It's not like Linux makes mitigations=off the default; why should the "should be always safe and make more secure code" compiler options be default off?
      Maybe because some Linux users chase speed at any and all cost. See every post Michael has ever made about new CPU vulnerabilities and people like "well, screw that, I'll just run with mitigations=off, that will show them!" Personally, I've been on a journey the last 4 years to adopt OpenBSD for more and more use cases. Is it as fast as Linux? No, it will never be, but is it fast enough? Yes, yes it is. And apart from AAA gaming, OpenBSD is sufficient for all my needs right now.



      • #4
        The option should definitely include either -Wall or -Werror.

        Originally posted by fitzie
        Certainly an improvement over having people look up all those settings, but it would be better just to make it the default. It's not like Linux makes mitigations=off the default; why should the "should be always safe and make more secure code" compiler options be default off?
        That's an insane proposal. You'll need to patch tens if not hundreds of performance-critical libraries and applications to disable it.

        The option has severe implications in terms of performance; no, it can't be enabled by default.



        • #5
          Originally posted by avis

          The option has severe implications in terms of performance; no, it can't be enabled by default.
          A lot of the individual options that this consolidates into are enabled by default already in several distros including Fedora and RHEL. They have some amount of build-time cost but the biggest reason not to enable it by default is compatibility with legacy codebases which GCC doesn't want to break wholesale, not performance.



          • #6
            can't cause new build errors.
            That's a pretty severe limitation. "Yes, harden my program by injecting all of this code into it, but no, don't harden my program by telling me about problems so I can go and fix them"



            • #7
              Originally posted by RahulSundaram

              A lot of the individual options that this consolidates into are enabled by default already in several distros including Fedora and RHEL. They have some amount of build-time cost but the biggest reason not to enable it by default is compatibility with legacy codebases which GCC doesn't want to break wholesale, not performance.
              Fedora has had rpmrc since Red Hat 5.0 or something back in 1998; there's no such issue.

              It's just a single line which gets applied to all the packages you wanna build.



              • #8
                Originally posted by avis

                Fedora has had rpmrc since Red Hat 5.0 or something back in 1998; there's no such issue.

                It's just a single line which gets applied to all the packages you wanna build.
                Yes, I am aware, obviously, and that's the reason Fedora has many of these options enabled already, as I noted, but upstream GCC is always going to be much more conservative in changing defaults. That's why they won't do it. Not performance.



                • #9
                  Originally posted by bachchain
                  That's a pretty severe limitation. "Yes, harden my program by injecting all of this code into it, but no, don't harden my program by telling me about problems so I can go and fix them"
                  It is not much of a limitation. You will get warnings, it just won't be errors that stop the build unless you choose to use -Werror. This is the standard policy for all such issues.



                  • #10
                    It will take a decade or two before Debian would include it in its packages :E
