
C-Based Toolchain Hardening

From OWASP
Revision as of 13:33, 14 February 2013 by Jeffrey Walton (talk | contribs) (Created page with "C-Based Toolchain Hardening is a technical guide to creating executables with defensive postures which integrate with platform security offered in its environment. This ar...")


C-Based Toolchain Hardening is a technical guide to creating executables with a defensive posture that integrate with the platform security offered by their environment. This article examines C, C++ and Objective-C for the Microsoft and GCC toolchains. Effectively configuring the toolchain gives a project a number of benefits, including enhanced warnings and static analysis, self-debugging code, and hardened production code.

There are three areas to examine when hardening the toolchain: configuration and preprocessor, compiler, and linker. Nearly all of these areas are overlooked or neglected when a project is set up. The neglect appears to be pandemic, and it applies to nearly all projects, whether Auto-configured, Makefile-based, Eclipse-based, Visual Studio-based, or Xcode-based.

The article also details steps that quality assurance personnel can perform to ensure third-party code meets organizational standards. If an organization has not fully developed its acceptance and testing criteria, this article also provides minimum standards.

Introduction

Configuration

Preprocessor

Compiler

Linker

Auditing