Provided by: hardening-wrapper_2.7ubuntu2_amd64 bug

NAME

       hardened-cc - gcc wrapper to enforce hardening toolchain improvements

SYNOPSIS

       export DEB_BUILD_HARDENING=1

       gcc ...

DESCRIPTION

       The  hardened-cc wrapper is normally used by calling gcc as usual when DEB_BUILD_HARDENING
       is set to 1. It will configure the necessary toolchain hardening features. By default, all
       features are enabled. If a given feature does not work correctly and needs to be disabled,
       the corresponding environment variables mentioned below can be set to 0.

ENVIRONMENT

       DEB_BUILD_HARDENING=1
              Enable hardening features.

       DEB_BUILD_HARDENING_DEBUG=1
              Print the full resulting gcc command line to STDERR before calling gcc.

       DEB_BUILD_HARDENING_OUTPUT=/some/path/debug.log
              Instead of using STDERR for debugging, redirect to the given path. Some builds  are
              very sensitive to unexpected STDERR output.

       DEB_BUILD_HARDENING_STACKPROTECTOR=0
              Disable stack overflow protection. See README.Debian for details.

       DEB_BUILD_HARDENING_RELRO=0
              Disable read-only linker sections. See README.Debian for details.

       DEB_BUILD_HARDENING_FORTIFY=0
              Don't fortify several standard functions. See README.Debian for details.

       DEB_BUILD_HARDENING_PIE=0
              Don't build position independent executables. See README.Debian for details.

       DEB_BUILD_HARDENING_FORMAT=0
              Disable unsafe format string usage errors. See README.Debian for details.

NOTES

       System-wide settings can be added to /etc/hardening-wrapper.conf, one per line.

       The  real  gcc  symlinks  are  renamed  gcc.real, and a diversion is registered with dpkg-
       divert(1).  Thus hardened-cc's idea of the default gcc is  dictated  by  whatever  package
       installed /usr/bin/gcc.

SEE ALSO

       hardened-ld(1) gcc(1)