You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: Doc/using/configure.rst
+17-4Lines changed: 17 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -909,19 +909,32 @@ Security Options
909
909
910
910
.. option:: --disable-safety
911
911
912
-
Disable compiler options that are recommended by `OpenSSF`_ for security reasons with no performance overhead.
912
+
Disable compiler options that are `recommended by OpenSSF`_ for security reasons with no performance overhead.
913
913
If this option is not enabled, CPython will be built based on safety compiler options with no slow down.
914
+
When this option is enabled, CPython will not be built with the compiler options listed below.
914
915
915
-
.. _OpenSSF: https://openssf.org/
916
+
The following compiler options are disabled with :option:`!--disable-safety`:
917
+
918
+
* `-fstack-protector-strong`_: Enable run-time checks for stack-based buffer overflows.
919
+
* `-Wtrampolines`_: Enable warnings about trampolines that require executable stacks.
920
+
921
+
.. _recommended by OpenSSF: https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md
0 commit comments