Add Eclipse Adoptium "Security Audit" suggested compiler options for jdk-21.0.3+ gcc builds #3712

Closed
andrew-m-leonard opened this issue Mar 19, 2024 · 2 comments
andrew-m-leonard commented Mar 19, 2024

As part of the Eclipse Adoptium security audit, the following gcc options were suggested as being used to enhance the security of the JDK binaries.
Code generation suggestions:

  • -fstack-protector-strong : Extends the basic stack protection without impacting all functions, see: https://lwn.net/Articles/584225/
  • --param=ssp-buffer-size=4 : The minimum size of buffers (i.e. arrays) that receive stack smashing protection when -fstack-protector is used. This ties in with -fstack-protector-strong to better cover the stack protection.

Compiler Warning suggestions:

  • -Wformat : printf/scanf string checks
  • -D_FORTIFY_SOURCE=2 : string related compile time checks
  • -Wformat-security : enhanced printf/scanf string security checks
  • -Wshadow : warn about variable/function shadowing
  • -Wconversion : Warn for implicit conversions that may alter a value
@andrew-m-leonard andrew-m-leonard added the enhancement Issues that enhance the code or documentation of the repo in any way label Mar 19, 2024
@andrew-m-leonard andrew-m-leonard self-assigned this Mar 19, 2024
@andrew-m-leonard andrew-m-leonard added the PMC-agenda For the PMC to review label Mar 19, 2024
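
One way to confirm that the options listed in the issue above are actually in effect on a given gcc command line (an added example, not part of the issue or of the Adoptium build scripts). The function name `audit_gcc_flags` and the sample command lines are constructed for illustration; the check covers only these seven options and applies gcc's ordering and override rules for them.

```python
import re
import shlex

# The seven options listed in the issue above.
SUGGESTED = ["-fstack-protector-strong", "--param=ssp-buffer-size=4", "-Wformat",
             "-D_FORTIFY_SOURCE=2", "-Wformat-security", "-Wshadow", "-Wconversion"]

def audit_gcc_flags(command):
    """Return (missing, notes) for one gcc command line or CFLAGS string."""
    args, flags = shlex.split(command), []
    while args:
        arg = args.pop(0)
        # gcc accepts "--param name=value" as two arguments; normalise it.
        flags.append("--param=" + args.pop(0) if arg == "--param" and args else arg)

    def last(pattern):
        """Last flag matching pattern: a later option overrides an earlier one."""
        hits = [f for f in flags if re.fullmatch(pattern, f)]
        return hits[-1] if hits else None

    # An explicit -W[no-]format wins over -Wall regardless of position.
    fmt = last(r"-W(no-)?format(=\d)?")
    fmt_on = fmt not in ("-Wno-format", "-Wformat=0") if fmt else "-Wall" in flags
    sec = last(r"-W(no-)?format-security")
    effective = {
        "-fstack-protector-strong":
            last(r"-f(no-)?stack-protector(-\w+)?") == "-fstack-protector-strong",
        "--param=ssp-buffer-size=4":
            last(r"--param=ssp-buffer-size=\d+") == "--param=ssp-buffer-size=4",
        "-Wformat": fmt_on,
        "-D_FORTIFY_SOURCE=2":
            last(r"-[DU]_FORTIFY_SOURCE(=\d+)?") == "-D_FORTIFY_SOURCE=2",
        # -Wformat=2 already includes -Wformat-security.
        "-Wformat-security": sec == "-Wformat-security"
            or (sec is None and fmt == "-Wformat=2"),
        "-Wshadow": last(r"-W(no-)?shadow") == "-Wshadow",
        "-Wconversion": last(r"-W(no-)?conversion") == "-Wconversion",
    }
    notes = []
    if effective["-Wformat-security"] and not fmt_on:
        notes.append("-Wformat-security is ignored by gcc unless -Wformat is enabled")
        effective["-Wformat-security"] = False
    if effective["-D_FORTIFY_SOURCE=2"] and last(r"-O\w*") in (None, "-O0"):
        notes.append("_FORTIFY_SOURCE has no effect without optimisation (-O1 or higher)")
    return [f for f in SUGGESTED if not effective[f]], notes

if __name__ == "__main__":
    # Constructed command line: a later -fno-stack-protector undoes the hardening.
    print(audit_gcc_flags("gcc -O0 -fstack-protector-strong -fno-stack-protector "
                          "-Wformat-security -D_FORTIFY_SOURCE=2 -c a.c"))
```
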
@andrew-m-leonard
Contributor Author

@sxa fyi

@andrew-m-leonard andrew-m-leonard removed the PMC-agenda For the PMC to review label Mar 19, 2024
@andrew-m-leonard
Contributor Author

dup of #3685
