Recommended compiler and linker flags for GCC
Flag Purpose Applicable
-D_FORTIFY_SOURCE=2 Run-time buffer overflow detection
-fasynchronous-unwind-tables Increased reliability of backtraces
-fexceptions Enable table-based thread cancellation
-fpie -Wl,-pie Full ASLR for executables 7 and later (for executables) All (for executables)
-fpic -shared No text relocations for shared libraries
-fplugin=annobin Generate data for hardening quality control Future
-fstack-clash-protection Increased reliability of stack overflow detection
-fstack-protector or -fstack-protector-all Stack smashing protector
-fstack-protector-strong
-g Generate debugging information
-grecord-gcc-switches Store compiler flags in debugging information
-mcet -fcf-protection Control flow integrity protection
-pipe Avoid temporary files, speeding up builds
-Wall Recommended compiler warnings
-Werror=format-security Reject potentially unsafe format string arguents
-Werror=implicit-function-declaration Reject missing function prototypes
-Wl,-z,defs Detect and reject underlinking
-Wl,-z,now Disable lazy binding
-Wl,-z,relro Read-only segments after relocation