Рекомендуемые флаги компилятора и линкера для GCC


Flag	Purpose	Applicable 
-D_FORTIFY_SOURCE=2	Run-time buffer overflow detection
-fasynchronous-unwind-tables	Increased reliability of backtraces	
-fexceptions	Enable table-based thread cancellation
-fpie -Wl,-pie	Full ASLR for executables	7 and later (for executables)	All (for executables)
-fpic -shared	No text relocations for shared libraries
-fplugin=annobin	Generate data for hardening quality control	Future	
-fstack-clash-protection	Increased reliability of stack overflow detection
-fstack-protector or -fstack-protector-all	Stack smashing protector
-fstack-protector-strong
-g	Generate debugging information
-grecord-gcc-switches	Store compiler flags in debugging information
-mcet -fcf-protection	Control flow integrity protection	
-pipe	Avoid temporary files, speeding up builds
-Wall	Recommended compiler warnings
-Werror=format-security	Reject potentially unsafe format string arguents
-Werror=implicit-function-declaration	Reject missing function prototypes
-Wl,-z,defs	Detect and reject underlinking
-Wl,-z,now	Disable lazy binding
-Wl,-z,relro	Read-only segments after relocation
Chris Nzoka-okoye