id: 1310
summary: Using security flags when compiling bitlbee
reporter: avamander@…
owner:
type: enhancement
status: new
priority: normal
milestone:
component: BitlBee
version: Unspecified
resolution:
keywords:
cc:
irc_client: Client-independent
os: Linux
os_version:

description:

Due to the fact that instant messaging is quite sensitive, takes in arbitrary input (from remote servers) and is sometimes open to the internet, I think bitlbee could start using a few more compiler security flags, such as `-fstack-clash-protection`, `-fstack-protector-strong -Wstack-protector` and `-D_FORTIFY_SOURCE=2`.

In addition to the previously listed flags there's also `-Wformat -Werror=format-security -Wformat-security`, `-Wl,-z,noexecstack` and `-fvtable-verify=[std|preinit]` that could possibly be used, but I haven't yet gotten to using/testing those; the ones in the first paragraph seem to work nicely.

There is pretty much no noticeable performance impact (even `-fstack-protector-all` is not noticeable) when using these flags, but they significantly hinder a lot of attacks and thus better protect user data and the systems bitlbee runs on.
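
One way to check which of the flag groups named in the ticket a given toolchain accepts before adding them to a build. This is an added example, not part of the ticket or of BitlBee's build system; the helper names `accepts` and `select_flags` and the default `CC=cc` are assumptions. `-fvtable-verify` is left out because GCC documents it as available only for C++ code.

```shell
#!/bin/sh
# Added example: keep only the hardening flag groups the toolchain accepts.

# accepts CC "FLAG [FLAG...]": true if CC compiles and links a trivial
# program with the whole group. Uses if/else so it is safe under `set -e`.
accepts() {
    _cc=$1 _group=$2
    _dir=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$_dir/t.c"
    # -Werror: clang only warns about unknown options, and gcc warns when
    # -Wformat-security is given without -Wformat, so a group is tested as
    # a unit. $_group is unquoted on purpose so it splits into its flags.
    if "$_cc" -Werror -O2 $_group -o "$_dir/t" "$_dir/t.c" >/dev/null 2>&1
    then _rc=0; else _rc=1; fi
    rm -rf "$_dir"
    return "$_rc"
}

# select_flags CC GROUP...: print the accepted groups, space separated.
select_flags() {
    _sel_cc=$1; shift
    _out=
    for _g in "$@"; do
        if accepts "$_sel_cc" "$_g"; then _out="${_out:+$_out }$_g"; fi
    done
    printf '%s\n' "$_out"
}

CC=${CC:-cc}   # assumption: the compiler to test
# -D_FORTIFY_SOURCE=2 is a macro definition, so it is not probed; glibc
# only applies it when optimisation is enabled, hence the explicit -O2.
CFLAGS="-O2 -D_FORTIFY_SOURCE=2 $(select_flags "$CC" \
    '-fstack-clash-protection' \
    '-fstack-protector-strong -Wstack-protector' \
    '-Wformat -Werror=format-security -Wformat-security')"
# The probe links as well as compiles, so linker options are tested too.
LDFLAGS=$(select_flags "$CC" '-Wl,-z,noexecstack')
printf 'CFLAGS=%s\nLDFLAGS=%s\n' "$CFLAGS" "$LDFLAGS"
```

If the distribution's compiler already predefines `_FORTIFY_SOURCE`, the explicit definition can produce a redefinition warning.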