Fedora 31 Plans To Use GCC Security Hardening Flags By Default

Written by Michael Larabel in Fedora on 12 March 2019 at 07:38 AM EDT.
Fedora 31 will likely enable various GCC security hardening flags by default in an effort to further enhance the security of the software in its repositories and of software that users build on their own Fedora systems.

While Fedora generally leads the way with low-level innovations to the Linux stack thanks to Red Hat, in this case they are a bit behind the ball for enabling these GCC security hardening flags. In fact, the flags they are planning to use by default are already the defaults on Ubuntu.

With Fedora 31 they would enable the "-Wformat -Wformat-security -fstack-protector-strong" flags by default. -Wformat checks printf/scanf calls to ensure a proper format string is specified and the conversions are correct, -Wformat-security warns about possible security problems in formatted printing, and -fstack-protector-strong adds further stack protector protections.
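As an added illustration (not taken from the Fedora proposal or the original article), the C file below shows the kind of code each of the three flags acts on, with the flagged forms next to corrected ones. The function names and the SHOW_FLAGGED macro are hypothetical, and the input strings are constructed.

```c
/* Added example (constructed). To see the diagnostics, build with:
 *   gcc -Wformat -Wformat-security -fstack-protector-strong -DSHOW_FLAGGED demo.c
 * SHOW_FLAGGED is a hypothetical macro used only by this example. */
#include <stdio.h>
#include <string.h>

#ifdef SHOW_FLAGGED
/* -Wformat-security: the format is not a string literal and there are no
 * format arguments, so any '%' directive inside msg would be interpreted. */
int log_flagged(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}

/* -Wformat: "%d" expects an int, but strlen() returns size_t. */
int len_flagged(char *out, size_t n, const char *s)
{
    return snprintf(out, n, "%d", strlen(s));
}
#endif

/* Corrected: constant format string, untrusted text passed as data. */
int log_fixed(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* Corrected: the conversion matches the argument type. */
int len_fixed(char *out, size_t n, const char *s)
{
    return snprintf(out, n, "%zu", strlen(s));
}

/* -fstack-protector-strong places a canary in functions that define a local
 * array or reference a local frame address; tag[] makes this one qualify. */
int tag_line(char *out, size_t n, const char *user)
{
    char tag[16];
    snprintf(tag, sizeof tag, "[%.12s]", user);  /* at most 14 chars + NUL */
    return snprintf(out, n, "%s login", tag);
}

int main(void)
{
    char buf[64];
    log_fixed(buf, sizeof buf, "100%s done %n");  /* printed verbatim */
    puts(buf);
    return 0;
}
```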

Fedora's build system already enables some security-related flags by default, but this change would patch GCC itself to enable the functionality by default for all software built by GCC (assuming the opposite flags aren't set), so that all software built with the Fedora 31 compiler would receive these hardening benefits.

Details on this planned change for Fedora 31 are outlined in this change proposal.