Opened at 2019-03-08T10:59:03Z
#1310 new enhancement
Using security flags when compiling bitlbee
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BitlBee | Version: | Unspecified |
| Keywords: | | Cc: | |
| IRC client+version: | Client-independent | Operating System: | Linux |
| OS version/distro: | | | |
Description
Due to the fact that instant messaging is quite sensitive, takes in arbitrary input (from remote servers) and is sometimes open to the internet, I think bitlbee could start using a few more compiler security flags, such as -fstack-clash-protection, -fstack-protector-strong -Wstack-protector and -D_FORTIFY_SOURCE=2.
In addition to the previously listed flags there's also -Wformat -Werror=format-security -Wformat-security, -Wl,-z,noexecstack and -fvtable-verify=[std|preinit] that could possibly be used, but I haven't yet gotten to using/testing those; the ones in the first paragraph seem to work nicely.
There is pretty much no noticeable performance impact (even -fstack-protector-all is not noticeable) when using these flags, but they significantly hinder a lot of attacks and thus better protect user data and the systems bitlbee runs on.
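
One way to check which of the flags named in this ticket a given compiler accepts before adding them to a build, as an added example (not part of the ticket and not bitlbee's configure script). The function names `try_flag` and `supported_flags` and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: report which hardening flags from the ticket a compiler accepts.

# try_flag CC "FLAGS": succeed if CC builds a trivial C program with FLAGS.
# FLAGS may hold several words that only make sense together.
try_flag() {
    _cc=$1; _flags=$2
    _dir=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$_dir/probe.c"
    # -Werror makes "unknown option" warnings fatal, so a flag the compiler
    # only warns about and then ignores is not reported as supported.
    # -O2 mirrors a real build: _FORTIFY_SOURCE only takes effect when
    # optimisation is on.
    # $_flags is deliberately unquoted so a group splits into separate words.
    "$_cc" -Werror -O2 $_flags -o "$_dir/probe" "$_dir/probe.c" >/dev/null 2>&1
    _rc=$?
    rm -rf "$_dir"
    return "$_rc"
}

# supported_flags CC GROUP...: print the accepted groups, space separated.
supported_flags() {
    _cc=$1; shift
    _out=
    for _group in "$@"; do
        if try_flag "$_cc" "$_group"; then
            _out="${_out:+$_out }$_group"
        fi
    done
    printf '%s\n' "$_out"
}

# Usage: sh probe-hardening.sh gcc
if [ $# -ge 1 ]; then
    # -Werror=format-security is grouped with -Wformat because GCC warns that
    # it is ignored otherwise. -U before -D avoids a "redefined" warning on
    # toolchains that already predefine _FORTIFY_SOURCE.
    echo "CFLAGS:  $(supported_flags "$1" \
        -fstack-clash-protection -fstack-protector-strong -Wstack-protector \
        "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" \
        "-Wformat -Werror=format-security")"
    echo "LDFLAGS: $(supported_flags "$1" -Wl,-z,noexecstack)"
fi
```

Flags that the probe drops are simply left out of the build, so the same flag list can be used with older compilers.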
