#1310 new enhancement

Using security flags when compiling bitlbee

Reported by: avamander@… Owned by:
Priority: normal Milestone:
Component: BitlBee Version: Unspecified
Keywords: Cc:
IRC client+version: Client-independent Operating System: Linux
OS version/distro:


Due to the fact that instant messaging is quite sensitive, takes in arbitrary input (from remote servers) and is sometimes open to the internet I think bitlbee could start using a few more compiler security flags, such as -fstack-clash-protection, -fstack-protector-strong -Wstack-protector and -D_FORTIFY_SOURCE=2.

In addition to the previously listed flags there's also -Wformat -Werror=format-security -Wformat-security, -Wl,-z,noexecstack and -fvtable-verify=[std|preinit] that could possibly be used but I haven't yet gotten to using/testing those, the ones in the first paragraph seem to work nicely.

There are pretty much no noticeable performance impact (even -fstack-protector-all is not noticeable) when using these flags but they significantly hinder a lot of attacks and thus better protect user data and the systems bitlbee runs on.

Attachments (0)

Change History (0)

Modify Ticket

as new The ticket will remain with no owner.

Add Comment

E-mail address and name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.