This is the command hardening-wrapper that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
hardened-cc - gcc wrapper to enforce hardening toolchain improvements
SYNOPSIS
export DEB_BUILD_HARDENING=1
gcc ...
DESCRIPTION
The hardened-cc wrapper is normally used by calling gcc as usual when DEB_BUILD_HARDENING
is set to 1. It will configure the necessary toolchain hardening features. By default, all
features are enabled. If a given feature does not work correctly and needs to be disabled,
the corresponding environment variables mentioned below can be set to 0.
ENVIRONMENT
DEB_BUILD_HARDENING=1
Enable hardening features.
DEB_BUILD_HARDENING_DEBUG=1
Print the full resulting gcc command line to STDERR before calling gcc.
DEB_BUILD_HARDENING_OUTPUT=/some/path/debug.log
Instead of using STDERR for debugging, redirect to the given path. Some builds are
very sensitive to unexpected STDERR output.
DEB_BUILD_HARDENING_STACKPROTECTOR=0
Disable stack overflow protection. See README.Debian for details.
DEB_BUILD_HARDENING_RELRO=0
Disable read-only linker sections. See README.Debian for details.
DEB_BUILD_HARDENING_FORTIFY=0
Don't fortify several standard functions. See README.Debian for details.
DEB_BUILD_HARDENING_PIE=0
Don't build position independent executables. See README.Debian for details.
DEB_BUILD_HARDENING_FORMAT=0
Disable unsafe format string usage errors. See README.Debian for details.
NOTES
System-wide settings can be added to /etc/hardening-wrapper.conf, one per line.
The real gcc symlinks are renamed gcc.real, and a diversion is registered with dpkg-
divert(1). Thus hardened-cc's idea of the default gcc is dictated by whatever package
installed /usr/bin/gcc.
Use hardening-wrapper online using onworks.net services
