Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hardened build flags #218

Closed
krille-chan opened this issue Jul 15, 2023 · 2 comments
Closed

Hardened build flags #218

krille-chan opened this issue Jul 15, 2023 · 2 comments
Labels
stale The item is going to be closed soon because of inactivity

Comments

@krille-chan
Copy link
Owner

Description

According to flutter/flutter#4368, it should be possible to pass some compiler flags to Flutter's build system. This means that it should be possible to get a PIE binary with hardening measures such as RELRO, no RUNPATH, and stack canaries.

Proposed changes: add -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -fstack-clash-protection -fcf-protection=full -fPIC -fPIE -fvisibility=hidden to the compiler flags, and add -pie to the LDFLAGS.

To Reproduce

Use checksec.sh on the Fluffychat binary to get the following output:

RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Partial RELRO   No canary found   NX enabled    No PIE          No RPATH   RUNPATH     No Symbols         No    0               0               fluffychat/fluffychat

Additional information:

  • Device: HP Elitebook 840 G1
  • OS and OS version: Fedora 35, kernel 5.15.6
  • Installed version of FluffyChat: 1.1.0 (Flatpak)
@krille-chan krille-chan removed the fluffy label Nov 5, 2023
@basings basings mentioned this issue Jan 23, 2024
Closed
@Henry-Hiles Henry-Hiles mentioned this issue Feb 7, 2024
Closed
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 6, 2024

This issue is stale because it has been open for 120 days with no activity.

@github-actions github-actions bot added the stale The item is going to be closed soon because of inactivity label Mar 6, 2024
@github-actions GitHub Actions
Copy link

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 20, 2024
@farchord farchord mentioned this issue Apr 4, 2024
Open
@angloromanticism angloromanticism mentioned this issue Apr 23, 2024
Open
@Mek101 Mek101 mentioned this issue May 2, 2024
Open
@jfhc jfhc mentioned this issue May 9, 2024
Open
@JacketedSquash6 JacketedSquash6 mentioned this issue May 13, 2024
Open
@HarHarLinks HarHarLinks mentioned this issue May 19, 2024
Open
@dttocs dttocs mentioned this issue Jun 14, 2024
Closed
@marek-lach marek-lach mentioned this issue Jun 22, 2024
Closed
@andrewgdotcom andrewgdotcom mentioned this issue Jun 27, 2024
Open
@gentleAmateur gentleAmateur mentioned this issue Jul 7, 2024
Open
@dav23r dav23r mentioned this issue Jul 10, 2024
Open
@wanderson24 wanderson24 mentioned this issue Jul 15, 2024
Open
@rhinux rhinux mentioned this issue Jul 29, 2024
Open
@Saskia137 Saskia137 mentioned this issue Aug 6, 2024
Open
@phtnnz phtnnz mentioned this issue Aug 13, 2024
Open
@WilsonFung418 WilsonFung418 mentioned this issue Aug 17, 2024
Open
@hacker200010 hacker200010 mentioned this issue Aug 28, 2024
Open
@devDariush devDariush mentioned this issue Oct 19, 2024
Open
@Jebacka Jebacka mentioned this issue Nov 3, 2024
Open
@Nimrodium Nimrodium mentioned this issue Nov 9, 2024
Open
@MoonyTheMenace MoonyTheMenace mentioned this issue Nov 16, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale The item is going to be closed soon because of inactivity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@krille-chan