
Add -D_LIBCPP_ENABLE_HARDENED_MODE=1

Open david-a-wheeler opened this issue 1 year ago • 4 comments

We should probably add -D_LIBCPP_ENABLE_HARDENED_MODE=1. It helps for C++ when using libc++ and the LLVM compiler. See: https://libcxx.llvm.org/Hardening.html#using-hardening-modes

david-a-wheeler Nov 08 '23 17:11

This bug is essentially a dupe of #149. LLVM keeps changing the option name. Please see https://github.com/ossf/wg-best-practices-os-developers/issues/149#issuecomment-1783719487 in particular.

thesamesam Nov 12 '23 23:11

Thanks @thesamesam for keeping us updated on this. We jumped the gun a bit with the deprecation notes for the older macros as we were basing this on the proposed changes to LLVM 17. Given that these and the older alternatives have been unstable in the past, I would suggest we wait with further additions to the guide until the new hardened mode becomes available in an LLVM release, hopefully with LLVM 18.0.

thomasnyman Nov 13 '23 17:11

It seems the libc++ documentation has received a page on Hardening modes that seems to match the proposal from November 2023 in the Hardening RFC.

Can anyone with more insight into the discussions around these comment on whether the documented modes can be considered stable?

thomasnyman Aug 08 '24 17:08

I believe the now-documented modes aren't going to change. I can't promise that, but we haven't seen any discussions of changes, and have been using the new ones for a few releases in Gentoo now. I've also updated Meson to use them.

thesamesam Aug 27 '24 13:08