BtbN / FFmpeg-Builds

MIT License

Compiler Switches - /HIGHENTROPYVA and /GS #223

Closed MrMontana1889 closed 1 year ago

MrMontana1889 commented 1 year ago

We have just upgraded to use the latest 5.1 nightly build of ffmpeg. However, the compiler switches /HIGHENTROPYVA and /GS are not being used.

Our security audit will fail without these compiler switches.

I have yet to successfully build locally for Win64. Is there any way these switches can be added to the official nightly build?

BtbN commented 1 year ago

Those are MSVC switches. I don't build using MSVC. What do they do, and does gcc have something equivalent? Always happy to add compile time hardening where it's available and unobtrusive.

BtbN commented 1 year ago

According to Get-PESecurity, HighEntropyVA is enabled already, and /GS is MSVC's version of -fstack-protector-strong, which is already enabled as well and pretty much always has been. Just added another hardening flag I learned about when researching this, though I'm not sure it does much, but can't hurt either.
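Added example (not from this thread or the FFmpeg-Builds project): a minimal Python reader for the PE optional header's DllCharacteristics field, which is where the /HIGHENTROPYVA result discussed above is recorded, alongside the ASLR and DEP bits. Stack-protector instrumentation (/GS, -fstack-protector-strong) is not a header bit and is not covered here; the function names and the constructed header-only sample are assumptions of this example.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,
    "DYNAMIC_BASE": 0x0040,   # ASLR
    "NX_COMPAT": 0x0100,      # DEP
    "GUARD_CF": 0x4000,
}
PE32, PE32_PLUS = 0x10B, 0x20B

def pe_hardening(data: bytes) -> dict:
    """Return the hardening bits recorded in a PE image's optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20            # PE signature + COFF file header
    if len(data) < opt + 72 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dllchar,) = struct.unpack_from("<H", data, opt + 70)
    report = {name: bool(dllchar & bit) for name, bit in FLAGS.items()}
    report["PE32_PLUS"] = magic == PE32_PLUS
    # High-entropy ASLR only takes effect on a 64-bit image that is also relocatable.
    report["HIGH_ENTROPY_ASLR_EFFECTIVE"] = (
        report["PE32_PLUS"] and report["DYNAMIC_BASE"] and report["HIGH_ENTROPY_VA"]
    )
    return report

def sample_image(magic: int, dllchar: int) -> bytes:
    """Constructed header-only sample so the example runs offline; not a real binary."""
    buf = bytearray(0x80 + 4 + 20 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 24, magic)     # optional header magic
    struct.pack_into("<H", buf, 0x80 + 24 + 70, dllchar)
    return bytes(buf)

if __name__ == "__main__":
    # Pass a path to an .exe/.dll, or run with no argument to use the constructed sample.
    src = open(sys.argv[1], "rb").read(4096) if len(sys.argv) > 1 else sample_image(PE32_PLUS, 0x0160)
    for name, value in pe_hardening(src).items():
        print(f"{name:28} {value}")
```

Only the first 4096 bytes of a file are read, which covers the headers of typical images; a larger `e_lfanew` raises `ValueError` rather than reporting a false negative.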

MrMontana1889 commented 1 year ago

Thank you! I will forward this on to our security team. I appreciate the quick responses.