GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


NAME

       hardened-cc - gcc wrapper to enforce hardening toolchain improvements

SYNOPSIS

       export DEB_BUILD_HARDENING=1

       gcc ...

DESCRIPTION

       The  hardened-cc  wrapper is normally used by calling gcc as usual when
       DEB_BUILD_HARDENING is set  to  1.  It  will  configure  the  necessary
       toolchain  hardening features. By default, all features are enabled. If
       a given feature does not work correctly and needs to be  disabled,  the
       corresponding environment variables mentioned below can be set to 0.

ENVIRONMENT

       DEB_BUILD_HARDENING=1
              Enable hardening features.

       DEB_BUILD_HARDENING_DEBUG=1
              Print  the  full  resulting  gcc  command  line to STDERR before
              calling gcc.

       DEB_BUILD_HARDENING_OUTPUT=/some/path/debug.log
              Instead of using STDERR for debugging,  redirect  to  the  given
              path.  Some  builds  are  very  sensitive  to  unexpected STDERR
              output.

       DEB_BUILD_HARDENING_STACKPROTECTOR=0
              Disable  stack  overflow  protection.  See   README.Debian   for
              details.

       DEB_BUILD_HARDENING_RELRO=0
              Disable   read-only   linker  sections.  See  README.Debian  for
              details.

       DEB_BUILD_HARDENING_FORTIFY=0
              Don't fortify several standard functions. See README.Debian  for
              details.

       DEB_BUILD_HARDENING_PIE=0
              Don't  build position independent executables. See README.Debian
              for details.

       DEB_BUILD_HARDENING_FORMAT=0
              Disable unsafe format string usage errors. See README.Debian for
              details.

NOTES

       System-wide  settings  can be added to /etc/hardening-wrapper.conf, one
       per line.

       The real  gcc  symlinks  are  renamed  gcc.real,  and  a  diversion  is
       registered with dpkg-divert(1).  Thus hardened-cc's idea of the default
       gcc is dictated by whatever package installed /usr/bin/gcc.

SEE ALSO

       hardened-ld(1) gcc(1)



  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to webmaster@gnu.wiki.
Page load time: 0.154 seconds. Last modified: November 04 2018 12:49:43.