[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

An question about default opened option "-fstack-protector-strong"

On 14 June 2018 at 08:03, Shao, Ting <ting.shao at intel.com> wrote:
> Hi,
> I was trying to enable the â??stack smashing protectionâ?? for node.js(issue
> 20928). And I switched it on using â??-fstack-protectorâ??
> And made a benchmark test, while the result is quite strange. Then I found
> on my Ubuntu 16.04, the â??fstack-protector-strong
> Was by default enabled. I checked it using the command:
> Gcc â??Q â??v main.c
> And found the â??fstack-protector-strong flag was listed inside the â??options
> passedâ?? by default.
> So based on these, I have some questions:
> I installed gcc from apt-get by default, is Ubuntu providing a customized
> version of GCC?
> If answer of 1 is yes, then you may have a repo that host the customized GCC
> code, if I am right, could you please show me where I can find the proof of
> that customization?
> That would be much appreciated. J Or if you canâ??t find the right code, can
> you show me where I can find the repo, then I can traverse the code and
> history to find the proof myself.

Some of our default toolchain flags are documented at:

Security-related distribution features (which include many toolchain
customizations) are documented at:

The userspace hardening section does mention "Note: Ubuntu's compiler
hardening applies not only to its official builds but also anything
built on Ubuntu using its compiler." This ensures that self-compiled /
3rd-party code has on-par security when redistributed, or when
targetting Ubuntu platform. The Ubuntu toolchain is an integral part
of the Ubuntu product line.