Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit aab18f4

Browse filesBrowse files
nohlsonAA-Turner
nohlson
and
AA-Turner
authored
gh-112301: Update documentation for configure options (--disable-safety and --enable-slower-safety) (#122758)
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
1 parent 2037d8c commit aab18f4
Copy full SHA for aab18f4

File tree

Expand file treeCollapse file tree

1 file changed

+17
-4
lines changed
Filter options
Expand file treeCollapse file tree

1 file changed

+17
-4
lines changed

‎Doc/using/configure.rst

Copy file name to clipboardExpand all lines: Doc/using/configure.rst
+17-4Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -909,19 +909,32 @@ Security Options
909909

910910
.. option:: --disable-safety
911911

912-
Disable compiler options that are recommended by `OpenSSF`_ for security reasons with no performance overhead.
912+
Disable compiler options that are `recommended by OpenSSF`_ for security reasons with no performance overhead.
913913
If this option is not enabled, CPython will be built based on safety compiler options with no slow down.
914+
When this option is enabled, CPython will not be built with the compiler options listed below.
914915

915-
.. _OpenSSF: https://openssf.org/
916+
The following compiler options are disabled with :option:`!--disable-safety`:
917+
918+
* `-fstack-protector-strong`_: Enable run-time checks for stack-based buffer overflows.
919+
* `-Wtrampolines`_: Enable warnings about trampolines that require executable stacks.
920+
921+
.. _recommended by OpenSSF: https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
922+
.. _-fstack-protector-strong: https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md#enable-run-time-checks-for-stack-based-buffer-overflows
923+
.. _-Wtrampolines: https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md#enable-warning-about-trampolines-that-require-executable-stacks
916924

917925
.. versionadded:: 3.14
918926

919927
.. option:: --enable-slower-safety
920928

921-
Enable compiler options that are recommended by `OpenSSF`_ for security reasons which require overhead.
929+
Enable compiler options that are `recommended by OpenSSF`_ for security reasons which require overhead.
922930
If this option is not enabled, CPython will not be built based on safety compiler options which performance impact.
931+
When this option is enabled, CPython will be built with the compiler options listed below.
932+
933+
The following compiler options are enabled with :option:`!--enable-slower-safety`:
934+
935+
* `-D_FORTIFY_SOURCE=3`_: Fortify sources with compile- and run-time checks for unsafe libc usage and buffer overflows.
923936

924-
.. _OpenSSF: https://openssf.org/
937+
.. _-D_FORTIFY_SOURCE=3: https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md#fortify-sources-for-unsafe-libc-usage-and-buffer-overflows
925938

926939
.. versionadded:: 3.14
927940

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.