HARDENED-CC

Section: Debian GNU/Linux (1) Updated: 2008-01-08

NAME

hardened-c++ - g++ wrapper to enforce hardening toolchain improvements  

SYNOPSIS

export DEB_BUILD_HARDENING=1

g++ ...  

DESCRIPTION

The hardened-c++ wrapper is normally used by calling g++ as usual when DEB_BUILD_HARDENING is set to 1. It will configure the necessary toolchain hardening features. By default, all features are enabled. If a given feature does not work correctly and needs to be disabled, the corresponding environment variables mentioned below can be set to 0.

 

ENVIRONMENT

DEB_BUILD_HARDENING=1
Enable hardening features.
DEB_BUILD_HARDENING_DEBUG=1
Print the full resulting g++ command line to STDERR before calling g++.
DEB_BUILD_HARDENING_STACKPROTECTOR=0
Disable stack overflow protection. See README.Debian for details.
DEB_BUILD_HARDENING_RELRO=0
Disable read-only linker sections. See README.Debian for details.
DEB_BUILD_HARDENING_FORTIFY=0
Don't fortify several standard functions. See README.Debian for details.
DEB_BUILD_HARDENING_PIE=0
Don't build position independent executables. See README.Debian for details.
DEB_BUILD_HARDENING_FORMAT=0
Disable the errors raised for unsafe format string usage. See README.Debian for details.
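
To confirm that a build really picked up the features listed above, the finished binary can be inspected. The script below is an added example, not part of the hardening-wrapper package; the function names and the sample readelf(1) text are constructed for illustration, and it assumes the usual ELF markers for each feature.

```shell
#!/bin/sh
# Added example (not part of hardening-wrapper): report which of the wrapper's
# features are visible in a finished ELF binary.
# stdin: the text printed by `readelf -W -h -l -s <binary>`.
# DEB_BUILD_HARDENING_FORMAT only affects compile-time diagnostics, so it
# leaves nothing to inspect in the binary.

_has() { printf '%s\n' "$dump" | grep -Eq "$1" && echo yes || echo no; }

audit_hardening() {
    dump=$(cat)
    # PIE: position independent executables have ELF type DYN, not EXEC.
    pie=$(_has '^[[:space:]]*Type:[[:space:]]+DYN')
    # RELRO: the linker emits a GNU_RELRO program header.
    relro=$(_has 'GNU_RELRO')
    # Stack protector: instrumented functions reference __stack_chk_fail.
    ssp=$(_has '__stack_chk_fail')
    # Fortify: checked libc variants such as __sprintf_chk are referenced.
    fortify=$(_has '__[a-z0-9_]+_chk(@|[[:space:]]|$)')
    printf 'PIE=%s RELRO=%s STACKPROTECTOR=%s FORTIFY=%s\n' \
        "$pie" "$relro" "$ssp" "$fortify"
}

# Constructed, abbreviated readelf output for a build with hardening enabled.
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_STACK      0x000000 0x0000000000000000 0x000000 0x000000 RW  0x10
  GNU_RELRO      0x002db8 0x0000000000003db8 0x000248 0x000248 R   0x1
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __sprintf_chk@GLIBC_2.3.4 (4)
EOF
}

# Constructed, abbreviated readelf output for a build without hardening.
sample_plain() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x000000 0x000000 RW  0x10
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND sprintf@GLIBC_2.2.5 (2)
EOF
}

# On a real binary: readelf -W -h -l -s ./prog | audit_hardening
sample_hardened | audit_hardening
sample_plain | audit_hardening
```

A "no" for STACKPROTECTOR or FORTIFY can also mean the code contained nothing the compiler chose to instrument, so compare against a build with DEB_BUILD_HARDENING_DEBUG=1 before concluding a feature was dropped. Shared libraries are also ELF type DYN, so the PIE result is only meaningful for executables.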

 

NOTES

System-wide settings can be added to /etc/hardening-wrapper.conf, one per line.

The real g++ symlinks are renamed g++.real, and a diversion is registered with dpkg-divert(1). Thus hardened-c++'s idea of the default g++ is dictated by whatever package installed /usr/bin/g++.

 

SEE ALSO

hardened-ld(1) g++(1)


 

This document was created by man2html, using the manual pages.
Time: 21:13:48 GMT, April 16, 2011