This repository was archived by the owner on Apr 21, 2025. It is now read-only.
Add compiler flags suggested by security review (#4368)#177
Merged
kf6gpe merged 4 commits intoflutter:masterfrom Oct 18, 2018
kf6gpe:4368-compiler-flag-changes
Merged
Add compiler flags suggested by security review (#4368)#177kf6gpe merged 4 commits intoflutter:masterfrom kf6gpe:4368-compiler-flag-changes
kf6gpe merged 4 commits intoflutter:masterfrom
kf6gpe:4368-compiler-flag-changes
Conversation
goderbauer
reviewed
Oct 5, 2018
build/config/compiler/BUILD.gn
Outdated
| if (enable_lto) { | ||
| lto_flags += [ "-flto" ] | ||
| } | ||
| # TODO(goderbauer): re-enable when https://github.com/flutter/flutter/issues/21686 is fixed |
Member
There was a problem hiding this comment.
This looks like a bad merge? I think LTO should stay on.
Contributor
Author
There was a problem hiding this comment.
Good catch! I think I was too far behind in the tree. Lemme go back and fix that.
goderbauer
approved these changes
Oct 8, 2018
Member
goderbauer
left a comment
goderbauer
left a comment
There was a problem hiding this comment.
LGTM
Hopefully this will not impact performance or size negatively.
Member
|
@kf6gpe are we ready to merge this? |
Contributor
Author
|
Oh! Yes, please --- was waiting for an LGTM from @Hixie because it was kind of a sweeping change. Let me resolve the conflicts, and see what he thinks. |
goderbauer
added a commit
that referenced
this pull request
Oct 19, 2018
This reverts commit 9bbd435.
This was referenced Oct 27, 2018
Contributor
|
-Wa,--noexecstack was reverted in #185 due to buildbot failures on Mac. Issue tracked in flutter/flutter#23606. Also, please format GN file updates using |
goderbauer
added a commit
that referenced
this pull request
Oct 29, 2018
…" (#186) This reverts commit 9bbd435. This caused major regressions, see flutter/flutter#23678. In the future, we can check the flags individually to see which we can add without regressing our benchmarks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In 4368 it's recommended that we build binaries with the following flags that provide security benefits:
-fstack_protector_all)-Wl,z,relro),BIND_NOWto protect the global offset table from being overwritten (-Wl,-z,now)-fPIE,-pie).FORTIFY_SOURCEto protect from common misuse of memory and string functions. There is an existing comment that FORTIFY_SOURCE appears to have problems with clang, but that's with an unused optimization level (-O1) that does not appear to be pertinent to this work. However, I left in the comment should we choose to adjust the optimization levels in the future.(For a more detailed if slightly dated explanation of what these flags do, see here.)
Due to size constraints, I did not add the suggested optimization flag (
-O2) listed in the original issue, per discussions with @goderbauer on the issue.Changes were applied to the Android binary compilation flags, and relevant changes applied to the iOS compilation flags (stack cookies, offset table and read-only relocations are not supported by the iOS tools). Note that iOS generates code in a position-independent executable way by default, but I explicitly add those directives in a new iOS flag block for future reviewers.