Add compiler flags suggested by security review (#4368) #177
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
goderbauer
reviewed
Oct 5, 2018
build/config/compiler/BUILD.gn
Outdated
| if (enable_lto) { | ||
| lto_flags += [ "-flto" ] | ||
| } | ||
| # TODO(goderbauer): re-enable when https://github.com/flutter/flutter/issues/21686 is fixed |
There was a problem hiding this comment.
This looks like a bad merge? I think LTO should stay on.
There was a problem hiding this comment.
Good catch! I think I was too far behind in the tree. Lemme go back and fix that.
goderbauer
approved these changes
Oct 8, 2018
|
@kf6gpe are we ready to merge this? |
|
Oh! Yes, please --- was waiting for an LGTM from @Hixie because it was kind of a sweeping change. Let me resolve the conflicts, and see what he thinks. |
goderbauer
added a commit
that referenced
this pull request
Oct 19, 2018
This reverts commit 9bbd435.
This was referenced Oct 27, 2018
|
-Wa,--noexecstack was reverted in #185 due to buildbot failures on Mac. Issue tracked in flutter/flutter#23606. Also, please format GN file updates using |
goderbauer
added a commit
that referenced
this pull request
Oct 29, 2018
…" (#186) This reverts commit 9bbd435. This caused major regressions, see flutter/flutter#23678. In the future, we can check the flags individually to see which we can add without regressing our benchmarks.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In 4368 it's recommended that we build binaries with the following flags that provide security benefits:
-fstack_protector_all)-Wl,z,relro),BIND_NOWto protect the global offset table from being overwritten (-Wl,-z,now)-fPIE,-pie).FORTIFY_SOURCEto protect from common misuse of memory and string functions. There is an existing comment that FORTIFY_SOURCE appears to have problems with clang, but that's with an unused optimization level (-O1) that does not appear to be pertinent to this work. However, I left in the comment should we choose to adjust the optimization levels in the future.(For a more detailed if slightly dated explanation of what these flags do, see here.)
Due to size constraints, I did not add the suggested optimization flag (
-O2) listed in the original issue, per discussions with @goderbauer on the issue.Changes were applied to the Android binary compilation flags, and relevant changes applied to the iOS compilation flags (stack cookies, offset table and read-only relocations are not supported by the iOS tools). Note that iOS generates code in a position-independent executable way by default, but I explicitly add those directives in a new iOS flag block for future reviewers.