https://gitlab.synchro.net/main/sbbs/-/commit/5929267a9f0471fa537d2315
Modified Files:
src/ssh/CMakeLists.txt audit-hardening.md
Log Message:
Implement OpenSSF compiler hardening flags (33 of 34)
All flags from the OpenSSF Compiler Options Hardening Guide are now feature-probed at configure time via check_c_compiler_flag and check_linker_flag, supporting back to GCC 8 / Clang 7.
Compile-time: -Wformat=2, -Wimplicit-fallthrough, -Werror=format-security, -Werror=implicit, -Werror=incompatible-pointer-types, -Werror=int-conversion, -D_FORTIFY_SOURCE=3, -fstrict-flex-arrays=3, -fstack-clash-protection, -fstack-protector-strong, -ftrivial-auto-var-init=zero, -fno-delete-null-pointer-checks, -fno-strict-overflow, -fno-strict-aliasing
GCC-only: -Wtrampolines, -Wbidi-chars=any, -fzero-init-padding-bits=all
Architecture: -fcf-protection=full (x86_64), -mbranch-protection=standard (aarch64)
Linker: -Wl,-z,nodlopen, -Wl,-z,noexecstack, -Wl,--as-needed, -Wl,--no-copy-dt-needed-entries
Deferred: -Wconversion (requires code changes for signedness).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
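A sketch of the configure-time probing the log message describes, added here as an example and not taken from the commit's src/ssh/CMakeLists.txt. The project name, the `hardening` interface target, the `probe_cflag`/`probe_ldflag` helpers and the cache-variable naming are assumptions; the flags are a subset of those listed above.

```cmake
cmake_minimum_required(VERSION 3.18)   # check_linker_flag() was added in 3.18
project(hardening_probe C)             # hypothetical project name

include(CheckCCompilerFlag)
include(CheckLinkerFlag)

# Hypothetical interface target: real targets link against it to inherit
# whichever flags this toolchain accepted.
add_library(hardening INTERFACE)

# Probe one compiler flag. The result is cached under the variable name,
# so every flag needs its own name or later probes reuse a stale answer.
function(probe_cflag flag)
  string(MAKE_C_IDENTIFIER "HAVE_CFLAG_${flag}" var)
  check_c_compiler_flag("${flag}" ${var})
  if(${var})
    target_compile_options(hardening INTERFACE "${flag}")
  else()
    message(STATUS "hardening: compiler rejects ${flag}, skipping")
  endif()
endfunction()

# Linker flags are probed with a real link step; a compile-only check
# would accept -Wl,... options the linker later refuses.
function(probe_ldflag flag)
  string(MAKE_C_IDENTIFIER "HAVE_LDFLAG_${flag}" var)
  check_linker_flag(C "${flag}" ${var})
  if(${var})
    target_link_options(hardening INTERFACE "${flag}")
  else()
    message(STATUS "hardening: linker rejects ${flag}, skipping")
  endif()
endfunction()

# Constructed selection from the commit's list; -Wtrampolines is GCC-only
# and is dropped automatically when the probe fails under Clang.
foreach(f -Wformat=2 -Wimplicit-fallthrough -fstack-protector-strong
          -fstack-clash-protection -fstrict-flex-arrays=3
          -ftrivial-auto-var-init=zero -Wtrampolines)
  probe_cflag("${f}")
endforeach()

# Architecture-specific control-flow protection, gated then still probed.
if(CMAKE_SYSTEM_PROCESSOR MATCHES "^(x86_64|AMD64)$")
  probe_cflag(-fcf-protection=full)
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "^(aarch64|arm64)$")
  probe_cflag(-mbranch-protection=standard)
endif()

foreach(f "-Wl,-z,nodlopen" "-Wl,-z,noexecstack" "-Wl,--as-needed")
  probe_ldflag("${f}")
endforeach()
```

The STATUS lines in the configure output show which protections a given toolchain silently lost, which is worth reviewing when building with older compilers.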