I try to make my compiled binary has more security feature like SafeStack or even CPI and so on, but I am not sure if Clang can really provide more security features than gcc in compiled object.
Can someone help to give me some guidance about the clang security features usage and comparison with gcc?
Thanks a lot
a newbie in clang.
We listed several hardening features available when using clang here:
It's now 1 year old, but it may still help.
I try to make my compiled binary has more security feature like SafeStack
or even CPI and so on, but I am not sure if Clang can really provide more
security features than gcc in compiled object.
We are working on a number of security features for both Clang and GCC in
collaboration with Prof Elisabeth Oswald and Dr Dan Page at the University
of Bristol, and will receive a grant from the UK government to focus more
on this work over the next year.
Some of the things that we're working on are discussed in this talk at
FOSDEM: https://fosdem.org/2017/schedule/event/security_enhanced_llvm/ ,
which is summarised in the blog post at
Are there particular security features that you're interested in seeing?
If so, please feel free to contact me off-list, as it would be great for
us to prioritise things that are anticipated by real-world users.
Graham Markall (Embecosm).