Zhe Zhao via llvm-dev
2017-Mar-07 12:23 UTC
[llvm-dev] Is Clang compiled binary more secure than gcc
Hi, Guys I try to make my compiled binary has more security feature like SafeStack or even CPI and so on, but I am not sure if Clang can really provide more security features than gcc in compiled object. Can someone help to give me some guidance about the clang security features usage and comparison with gcc? Thanks a lot a newbie in clang. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20170307/beaca4fd/attachment.html>
serge guelton via llvm-dev
2017-Mar-07 12:28 UTC
[llvm-dev] Is Clang compiled binary more secure than gcc
On Tue, Mar 07, 2017 at 08:23:17PM +0800, Zhe Zhao via llvm-dev wrote:> Hi, Guys > > I try to make my compiled binary has more security feature like SafeStack > or even CPI and so on, but I am not sure if Clang can really provide more > security features than gcc in compiled object. > > Can someone help to give me some guidance about the clang security features > usage and comparison with gcc?We listed several hardening features available when using clang here: http://blog.quarkslab.com/clang-hardening-cheat-sheet.html It's now 1 year old, but it may still help.
Graham Markall via llvm-dev
2017-Mar-17 11:19 UTC
[llvm-dev] Is Clang compiled binary more secure than gcc
> I try to make my compiled binary has more security feature like SafeStack > or even CPI and so on, but I am not sure if Clang can really provide more > security features than gcc in compiled object.We are working on a number of security features for both Clang and GCC in collaboration with Prof Elisabeth Oswald and Dr Dan Page at the University of Bristol, and will receive a grant from the UK government to focus more on this work over the next year. Some of the things that we're working on are discussed in this talk at FOSDEM: https://fosdem.org/2017/schedule/event/security_enhanced_llvm/ , which is summarised in the blog post at http://www.embecosm.com/2017/02/20/security-enhanced-compilers/ Are there particular security features that you're interested in seeing? If so, please feel free to contact me off-list, as it would be great for us to prioritise things that are anticipated by real-world users. Best regards, Graham Markall (Embecosm). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20170317/f49db386/attachment.sig>