It would be really nice if purple-facebook were compiled with gcc hardening flags by default to protect against possible exploits, as both user data and the hosts this plugin runs on are worth protecting.
Most popular software already uses all of these flags, so the chance of running into some bug is quite low.
I compiled purple-facebook with these flags and it works great:
-Wl,-z,relro,-z,now -fPIC -pic - Enables full RELRO, might need -z relro -z now additionally passed as linker argument if ld is used standalone
-fstack-protector-[strong|all] - Protects against possible stack overflows
-fstack-clash-protection - Protects against stack clash attacks
-D_FORTIFY_SOURCE=2 - Adds extra checks to certain dangerous functions
-Wformat -Wformat-security -Werror=format-security -Wstack-protector - Forbids insecure format() and warns when stack-protector is not used
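
An added example, not part of the original issue or the purple-facebook project: a shell check that reads `readelf` output for a built plugin and reports which of the flags above left a visible trace (RELRO level, stack protector, fortified libc calls). The plugin path and the sample `readelf` lines are constructed placeholders; `-fstack-clash-protection` and the `-Wformat` warnings leave no ELF marker and are not checked.

```sh
#!/bin/sh
# Each function reads readelf text on stdin, so saved output works too.

# RELRO from `readelf -lW -dW`: full (GNU_RELRO + BIND_NOW), partial, none.
relro_level() {
    awk '
        /GNU_RELRO/                 { relro = 1 }
        /\(BIND_NOW\)/              { now = 1 }
        /\(FLAGS\)/   && /BIND_NOW/ { now = 1 }
        /\(FLAGS_1\)/ && /NOW/      { now = 1 }
        END {
            if (relro && now) print "full"
            else if (relro)   print "partial"
            else              print "none"
        }'
}

# -fstack-protector-*: the object imports the canary failure handler.
has_stack_protector() {
    if grep -q '__stack_chk_fail'; then echo yes; else echo no; fi
}

# -D_FORTIFY_SOURCE: imports of checked libc wrappers such as __memcpy_chk.
# "no" is inconclusive: fortification needs optimization enabled and only
# shows up if the code calls a function that has a checked variant.
has_fortify() {
    if grep -v '__stack_chk_fail' | grep -Eq ' __[a-z0-9_]+_chk(@| |$)'; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample of `readelf --dyn-syms -W` lines (not from a real build).
sample_dynsyms() {
    cat <<'EOF'
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}

check_hardening() {
    printf 'RELRO:           %s\n' "$(readelf -lW -dW "$1" | relro_level)"
    printf 'Stack protector: %s\n' "$(readelf --dyn-syms -W "$1" | has_stack_protector)"
    printf 'FORTIFY_SOURCE:  %s\n' "$(readelf --dyn-syms -W "$1" | has_fortify)"
}

# Usage: sh check-hardening.sh path/to/plugin.so   (placeholder path)
if [ "$#" -gt 0 ]; then check_hardening "$1"; fi
```

A result of `partial` for RELRO means the object was linked with `-z relro` but without `-z now`, so the lazy-binding part of the GOT stays writable.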