Compiler security flags while compiling postgres - Mailing list pgsql-novice

From Ramesh Gowrishankar
Subject Compiler security flags while compiling postgres
Date
Msg-id CY1PR19MB01705F2A41C49F8642B1E2E7C4C40@CY1PR19MB0170.namprd19.prod.outlook.com
List pgsql-novice

Hello,


I wanted to get the perspective of the community on the need to compile with security flags that protect against buffer overflow. It does not appear that the installer for Windows was compiled with these options and I was wondering why.


I am thinking of a compiler flag like /GS (which is now enabled by default in the Microsoft compiler) https://msdn.microsoft.com/en-us/library/8dbf701c.aspx

The postgres binaries are getting flagged in security scans as not being compiled with the recommended secure compiler flags, and I am wondering if we need to go through the trouble of recompiling postgres just to add the security-related compiler flags.

Thanks

Ramesh
