On Thu, Jan 03, 2019 at 12:31:50PM -0800, Tom Stellard wrote:
On 01/03/2019 12:28 PM, Carlos O'Donell wrote:
On 1/3/19 2:49 PM, Michael Cronenworth wrote:
Part of Fedora's default C/CXX flags include -fstack-clash-protection but clang does not support this flag and has until a few weeks ago[1] silently ignored the flag.
What are clang apps who use Fedora's default flags supposed to do? Are there clang default flag macros?
Thanks, Michael
You should reach out to Tom or Serge for comments :-)
The recommended solution for now is to filter out flags that clang does not support.
See for example: https://src.fedoraproject.org/rpms/libcxx/blob/master/f/libcxx.spec#_60
If the goal is to harden the binary without much performance overhead, clang also proposes some unique flags, maybe it is worth considering them?
https://clang.llvm.org/docs/SafeStack.html looks like a decent choice.