Open myfirenze opened 4 years ago
thanks, @myfirenze,
Among the recommended flags in the link, did you have any specific reason you picked up these six (BIND_NOW, NX, PIC, PIE, RELRO, and SP)? Are they particularly recommended flags, or are they just examples?
Also, what does NX stand for? Does SP mean stack protection?
thanks, @myfirenze,
Among the recommended flags in the link, did you have any specific reason you picked up these six (BIND_NOW, NX, PIC, PIE, RELRO, and SP)? Are they particularly recommended flags, or are they just examples?
Also, what does NX stand for? Does SP mean stack protection?
See this page for more thorough info on these flags: https://fedoraproject.org/wiki/Security_Features_Matrix you can also see how those distros enable them on builds and why. NX stands for "non executable memory." I don't usually see "SP" used but my guess is that it stands for "stack protector" as it's called on above page.
liblz4-java.so is embedded in the lz4-java library. Some security compiler and linker flags are not enabled for the Linux platform when building liblz4-java.so, which may cause security risks
See https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc/