Recommended compiler and linker flags for GCC
Flag Purpose Applicable -D_FORTIFY_SOURCE=2 Run-time buffer overflow detection -fasynchronous-unwind-tables Increased reliability of backtraces -fexceptions Enable table-based thread cancellation -fpie -Wl,-pie Full ASLR for executables 7 and later (for executables) All (for executables) -fpic -shared No text relocations for shared libraries -fplugin=annobin Generate data for hardening quality control Future -fstack-clash-protection Increased reliability of stack overflow detection -fstack-protector or -fstack-protector-all Stack smashing protector -fstack-protector-strong -g Generate debugging information -grecord-gcc-switches Store compiler flags in debugging information -mcet -fcf-protection Control flow integrity protection -pipe Avoid temporary files, speeding up builds -Wall Recommended compiler warnings -Werror=format-security Reject potentially unsafe format string arguents -Werror=implicit-function-declaration Reject missing function prototypes -Wl,-z,defs Detect and reject underlinking -Wl,-z,now Disable lazy binding -Wl,-z,relro Read-only segments after relocation