Techly NewsGet the app

Get the latest tech news

Compiler Options Hardening Guide for C and C++


The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

Some language-level programming constructs, such as taking the address of a nested function (a GNU C extension to ISO standard C) requires special compiler handling which may not work correctly if the linker mark stack segments as non-executable. This contributes to minimizing the attack surface of the produced binary by precluding the execution of static initializers and deconstructors from unneeded libraries, and can also reduce the set of code available to code-reuse exploits, e.g., return-oriented programming. Sanitizers should not be used for hardening in production environments, particularly for Set User ID (SUID) binaries, as they expose operational parameters via environmental variables which can be manipulated to clobber root-owned files and privilege escalation.

Get the Android app

Or read this on Hacker News

« Apple’s ‘Project Mulberry’ AI agent aims to replicate your doctor by 2026, report says
Bell Labs Holmdel Complex »